Search

OpenAI Data Breach: Key Insights and User Precautions

28 November 2025

OpenAI has alerted users regarding a recent data breach resulting from a hack of the third-party web analytics service Mixpanel, which was utilized on their API platform - platform.openai.com. This incident did not affect ChatGPT users, but it impacted API account holders, as reported by Windows Central.

According to the email received by users, the following information was compromised:

  • the name listed in the API profile;
  • email address;
  • approximate location (identified via IP address);
  • operating system and browser;
  • referrer websites;
  • organization and user IDs within the OpenAI system.

OpenAI emphasizes that no chats, API requests, usage history, passwords, API keys, payment data, or verification documents were compromised. The company states that this was not a breach of its infrastructure - the leak occurred within Mixpanel.

According to OpenAI, Mixpanel:

  • detected unauthorized access to its systems on November 9;
  • provided OpenAI with a copy of the stolen dataset on November 25;
  • confirmed that the incident was limited to analytical data of API users.

OpenAI has suspended integration with Mixpanel and urged users to be cautious about phishing attempts, as the stolen information could be exploited in such attacks.

This incident has once again highlighted the issue of privacy among ChatGPT and API users. Although user data was not compromised, experts warn that the company handles a significant amount of sensitive information, and such breaches could undermine trust in its services both in business and day-to-day life.