OpenAI has notified users about a recent data breach resulting from a compromise of the third-party analytics service Mixpanel, which was used on its API platform, platform.openai.com. While the incident did not affect ChatGPT users, it impacted API account holders, according to Windows Central.
According to the information in the email received by users, the following data was compromised:
- the name associated with the API profile;
- email address;
- approximate location (determined by IP address);
- operating system and browser information;
- referrer sites;
- organization and user IDs within the OpenAI system.
OpenAI emphasizes that no chats, API requests, usage histories, passwords, API keys, payment details, or verification documents were compromised. The company clarifies that this was not a breach of its own infrastructure but occurred within Mixpanel.
According to OpenAI, Mixpanel:
- discovered unauthorized access to its systems on November 9;
- provided OpenAI with a copy of the stolen dataset on November 25;
- confirmed that the incident involved only analytics information of API users.
OpenAI has suspended its integration with Mixpanel and urged users to be cautious of phishing attempts, as the stolen information could be used in such attacks.
This incident has once again highlighted privacy concerns among ChatGPT and API users. Although no chats, passwords, or API keys were compromised, experts stress that the company handles a significant amount of sensitive information, and such leaks could undermine trust in its services among both businesses and everyday users.