OpenAI Confirms User Data Exposed After Mixpanel Security Breach, Launches Probe

Critical data like passwords and payment details were unaffected. OpenAI removed Mixpanel, notified users, and is investigating the impact, urging vigilance against phishing.

By : ABP Live Tech | Updated at : 27 Nov 2025 10:37 PM (IST)

OpenAI User Data Leak Confirms Expose After Mixpanel Security Breach Launches Probe OpenAI Confirms User Data Exposed After Mixpanel Security Breach, Launches Probe

OpenAI confirmed a security breach at analytics partner Mixpanel exposed limited API user data (name, email, location, browser info, IDs).

Source : PTI

Show Quick Read

Key points generated by AI, verified by newsroom

OpenAI has confirmed that some user information was exposed following a security breach involving analytics partner Mixpanel. The company disclosed on Thursday that while the incident did not compromise sensitive data or affect core products such as ChatGPT and Sora, limited details linked to its API users may have been leaked.

The breach occurred on November 9, when a threat actor infiltrated Mixpanel’s systems and exported a dataset containing analytics from several organisations, including OpenAI. The AI firm added that Mixpanel notified it on November 25 as part of the ongoing investigation.

No Passwords, API Keys, Payment Data Impacted

According to OpenAI, servers and products remained secure during the incident, and critical data, including API usage details, credentials, government IDs, and payment information, was not affected.

However, some user profile information associated with “platform.openai.com” may have been included in the compromised dataset, such as:

Name linked to the API account
Email address
Coarse location (city, state, country) based on browser data
Browser and operating system used
Referring website information
Organisation or user IDs associated with the account

As a precaution, OpenAI removed Mixpanel from its production environment and is reviewing the affected data with its analytics partner and cybersecurity experts to determine the full impact.

“We have found no evidence of any effect on systems or data outside Mixpanel’s environment, but we continue to monitor closely for any signs of misuse,” the company stated.

Users Asked To Stay Vigilant

OpenAI has reached out to potentially affected API users, advising them to be cautious of suspicious emails or credible-looking phishing attempts, a common risk following data exposure incidents.

While the investigation continues, the company emphasised that the privacy and security of its growing user base remains a priority, and that the breach did not involve end-users of ChatGPT, the Sora app, or the ChatGPT Atlas browser.

About the author ABP Live Tech

ABP Live Tech tracks the pulse of the digital world, covering smartphones, gadgets, apps, AI, startups, cybersecurity and emerging innovations, while decoding launches, updates and policy shifts with sharp, reliable reporting that helps readers stay informed, secure and future-ready.