Mixpanel breach exposes limited OpenAI API metadata

A security issue at Mixpanel led to exposure of some OpenAI API account metadata, according to the company.

OpenAI says a Mixpanel breach exposed limited API user metadata but no chat content or credentials.

OpenAI says a security incident at Mixpanel exposed limited metadata linked to its API. Mixpanel’s systems, not OpenAI’s, were compromised during the intrusion. No chat content, passwords, API keys, or payment information was affected.

Mixpanel told OpenAI that an attacker exported a dataset containing basic user profile fields. The information includes names, email addresses, coarse location data, and browser details. OpenAI has removed Mixpanel from production and is notifying impacted users.

OpenAI maintains that its internal infrastructure remains secure with no evidence of unauthorised access. Wider reviews across the vendor ecosystem are underway to assess potential risks. The company has raised security requirements for partners and continues to monitor for misuse.

Security teams warn that the leaked data could fuel phishing or social-engineering attempts. Users are urged to treat unsolicited messages with caution and verify communications sent under the OpenAI name. Multi-factor authentication remains strongly recommended for all accounts as an added safeguard.

OpenAI reiterates that trust and privacy remain core to its products and operations. The organisation has ended its use of Mixpanel and is reviewing supporting services to prevent similar issues. Impacted organisations will receive direct notifications as the investigation continues.
