The hacker was able to access specific information on OpenAI’s APIs OpenAI responded quickly by permanently discontinuing the use of Mixpanel in its production environment

OpenAI has announced a security incident affecting the external analytics provider Mixpanel, which it relies on, resulting in limited data exposure for some users. However, the company confirmed that regular ChatGPT users on the website or app were not affected in any way.

According to the official statement, the hacker managed to access certain information linked to some users’ accounts on OpenAI’s API interfaces, such as names, email addresses, browser type, operating system, approximate location, and some identifiers associated with the account or organization.

“Phishing Attacks”

The company confirmed that chat data, passwords, payment information, usage logs, or identity documents were not affected or leaked. However, the exposed data is still personal information that could be used in phishing attacks or social engineering attempts targeting the user or their organization.

Who Is Affected?

The primary affected users are those on the OpenAI API platform — namely developers or organizations that use the company’s APIs to power their applications and services.

Meanwhile, regular ChatGPT users on the website or app were not affected, according to the company. OpenAI did not disclose the exact number of impacted users, stating only that the group was limited.

Mixpanel Disabled

In response, OpenAI acted quickly by permanently disabling Mixpanel in its production environment, reviewing all external partners, and strengthening security standards across the board. Affected users were directly notified and advised to be cautious of suspicious emails or links, and to enable multi-factor authentication to protect their accounts from potential misuse of the leaked data.

The incident highlights the importance of data protection not only within the company itself but also among external partners and service providers. OpenAI reiterated that regular ChatGPT users have no cause for concern at this time, while organizations and developers are advised to review their accounts and apply all available security measures.