
OpenAI API user data exposed in Mixpanel hack

Names, emails and location info leaked. ChatGPT users remain unaffected

OpenAI has confirmed that a security breach at Mixpanel, one of its third-party analytics partners, exposed personal details of some users who rely on the company’s paid API services. The incident took place on 9 November 2025, when hackers gained access to Mixpanel’s systems. Mixpanel later informed OpenAI about the intrusion and shared the compromised dataset for investigation.

According to OpenAI, the leaked information is limited but still sensitive. It includes names linked to API accounts, email addresses, user or organisation IDs, approximate location data based on browser information, and technical details such as the browser, operating system and referring website. This data was collected to track user analytics on OpenAI’s API platform.

Importantly, no confidential user content, passwords, API keys, payment information, billing details, or chat logs were exposed. OpenAI emphasised that the breach does not affect regular consumers using ChatGPT, as this dataset only involved analytics connected to the platform.openai.com API service. All OpenAI models and systems continue to operate normally.

Following the incident, OpenAI immediately removed Mixpanel from all its production environments and ended its use of the company’s analytics services. The company is now contacting all affected users directly through email. OpenAI has also launched a broader review of its security and vendor-management processes to reduce the risk of similar breaches in the future.

Security experts warn that the exposed information could still be used for phishing attempts. With names and email addresses now potentially outside OpenAI’s secure ecosystem, attackers may try to send convincing scam emails pretending to be from OpenAI or related platforms. Users are advised to be cautious about unexpected messages, avoid clicking suspicious links and ensure that multi-factor authentication (MFA) is enabled on all critical accounts.

The incident highlights the vulnerabilities that can arise from third-party service providers, even when a company’s own systems remain secure. As more businesses depend on cloud and AI services, the security of every partner in the chain becomes crucial. OpenAI has reassured customers that it is strengthening auditing practices and increasing oversight of external vendors to prevent similar issues.
