OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected

OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser info. OpenAI systems were not breached, and no passwords, API keys, chats or payment data were exposed.

OpenAI has confirmed a data breach involving Mixpanel, a third-party analytics tool it used to monitor API dashboard activity. This wasn’t a direct attack on OpenAI’s systems but a compromise of Mixpanel, where an attacker accessed and exported data linked to API users.

To be specific, this wasn’t about passwords, payment info or anything that gives direct access. What got taken was account metadata, the kind of stuff analytics tools collect by default, including:

• Name
• Email address
• Referring website
• City, state or country
• Internal user or org ID
• Browser and operating system

OpenAI responded by immediately removing Mixpanel from its production systems and launched a review to identify what was affected. It ...