OpenAI has notified certain API customers that limited identifying information was exposed due to a data breach at third-party analytics provider Mixpanel, though no chats, API queries, or access credentials were compromised.
OpenAI has begun notifying ChatGPT API customers about a security incident involving Mixpanel, a third-party analytics service. Following an SMS-phishing attack, attackers gained access to a limited set of analytics data, including account names, associated email addresses, approximate geolocation, and details about the operating system and browser used to access the API.
The company emphasized that no chats, API usage data, API keys, passwords, payment information, or sensitive identifiers were affected. Mixpanel reported that the attack targeted a small number of its clients and stemmed from a smishing incident detected on November 8. OpenAI received full details on November 25 and immediately launched an internal investigation.
Users are being warned about potential phishing and social-engineering attempts that could exploit the exposed information. OpenAI has removed Mixpanel from its operational services and notified all organizations and administrators. Meanwhile, Mixpanel revoked active sessions, rotated compromised credentials, blocked malicious IP addresses, and forced a password reset for all employees.
Mixpanel provides event-based analytics for OpenAI’s API interfaces. The attack appears to be part of a broader smishing campaign aimed at gaining unauthorized access to corporate tools through deceptive messages. According to some reports, CoinTracker was also affected, with exposed device metadata and limited transaction information.
Although no highly sensitive data was leaked, such incidents significantly increase the risk of targeted phishing, account takeover attempts, and broader security threats.
The breach highlights the ongoing vulnerabilities introduced through third-party service providers, even for major AI companies. While OpenAI assures that core systems were not compromised, users are urged to strengthen account security and stay alert for suspicious communications related to the incident.
