OpenAI has announced a security breach involving its analytics partner, Mixpanel. The breach occurred within Mixpanel’s systems and exposed limited user information from the OpenAI API platform. OpenAI confirms that its own systems remained secure and that no sensitive user data was compromised.
This incident only affects individuals using “platform.openai.com.” People who use ChatGPT or other OpenAI products are not affected.
OpenAI specifically confirmed that the breach did not access chat content, API requests, passwords, API keys, payment information, or government IDs. The exposed data includes basic profile and technical information. This comprises names associated with API accounts, email addresses, approximate locations, and details about users’ browsers and operating systems.
Dammit! Just got a data breach notification from @OpenAI related to @mixpanel: pic.twitter.com/y8shHPTOPU
— Troy Hunt (@troyhunt) November 27, 2025Mixpanel detected unauthorised access on November 9, 2025. The company then notified OpenAI and provided the affected dataset on November 25.
OpenAI has already removed Mixpanel from its production services and ended its partnership with Mixpanel. The company is now conducting broader security reviews of all its vendors and implementing stricter security requirements for future partners.
OpenAI warns that attackers may use the exposed information to send targeted phishing emails. Users should carefully check any unsolicited messages and confirm sender addresses. We recommend enabling multi-factor authentication for added security. However, users do not need to change their passwords or API keys, as the breach did not compromise this information.
