The company disclosed that unauthorized access to Mixpanel’s systems resulted in the exposure of limited user profile information, though OpenAI’s core systems and sensitive data remained unaffected.
Mixpanel discovered the unauthorized access on November 9, 2025, when an attacker gained entry to part of their systems and exported a dataset containing customer-identifiable and analytics information.
OpenAI was notified of the investigation and received the affected dataset on November 25, 2025. The breach did not impact OpenAI’s primary services.
ChatGPT users and other products were unaffected, and no chat histories, API requests, credentials, API keys, payment details, or government IDs were compromised.
The exposed data was limited to analytics information collected specifically from users accessing OpenAI’s API platform (platform.openai.com).
Information potentially affected includes names provided on API accounts, email addresses, approximate coarse location based on browser data, operating system, and browser information, referring websites, and organization or user IDs.
In response to the incident, OpenAI immediately removed Mixpanel from its production services and conducted a thorough review of the affected datasets.
The company is actively notifying impacted organizations, administrators, and users directly. OpenAI has terminated its relationship with Mixpanel following the security review and is implementing more stringent security requirements across its entire vendor ecosystem.
“Trust, security, and privacy are foundational to our products, our organization, and our mission,” OpenAI stated in its disclosure.
The company emphasized its commitment to transparency and holding partners accountable for maintaining the highest security standards.
OpenAI has advised users to remain vigilant for potential phishing and social engineering attacks, as the exposed information, particularly names and email addresses, could be weaponized for targeted attacks.
The company recommends treating unexpected emails or messages with caution, especially those containing links or attachments, and verifying that communications claiming to be from OpenAI originate from official OpenAI domains.
The company emphasized that OpenAI never requests passwords, API keys, or verification codes through email, text, or chat.
Users are encouraged to enable multi-factor authentication on their accounts as an additional security measure.
OpenAI’s swift action in removing Mixpanel and conducting expanded security reviews across its vendor network demonstrates a proactive approach to preventing similar incidents.
The incident underscores the growing supply chain security risks organizations face and highlights the importance of vendor security oversight.
Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates
The post OpenAI Confirms Mixpanel Breach Exposing Email Address, Name and Operating System Details appeared first on Cyber Security News.
This article contains spoilers for Resident Evil Requiem. Resident Evil Requiem finally sees the series…
From ARC Raiders to Escape From Duckov, extraction shooters seem to be enjoying something of…
It's a very exciting time for the Pokémon community with the reveal of the 10th…
People walk past blooming trees on the Harvard University campus in Cambridge, Massachusetts, in April…
NASA announced at a press conference on Friday that it's delaying its plans for a…
US President Donald Trump (R) looks on as US Secretary of Defense Pete Hegseth speaks…
This website uses cookies.