OpenAI issues global alerts after third-party Mixpanel breach, says most ChatGPT users unaffected
In an advisory published on its website, OpenAI stated that it is contacting all subscribers as a matter of transparency.
ADVERTISEMENT
OpenAI has begun issuing security alerts to ChatGPT users worldwide after a data breach at Mixpanel, a third-party analytics provider used to track activity on OpenAI’s API dashboard. Although the notification has raised alarm among users, the company has clarified that the breach did not involve ChatGPT systems and that the overwhelming majority of users face no risk.
In an advisory published on its website, OpenAI reportedly stated that it is contacting all subscribers as a matter of transparency, despite only a small fraction of users being potentially impacted. The incident did not compromise chat histories, API keys, passwords, payment information or any other sensitive personal data.
The breach affects only those with API accounts using platform.openai.com. OpenAI said some profile-level information may have been included in Mixpanel’s exported logs, such as names associated with API accounts, linked email addresses, approximate location from browser metadata, device and browser details, referring websites and internal user or organisation IDs.
The company confirmed it has removed Mixpanel from all production environments and launched a full investigation to determine the extent of the exposure. Organisations and administrators are being contacted directly to assess whether any team accounts fall within the affected group.
Apple was reportedly among the companies whose staff may have been exposed through API usage, but OpenAI emphasised that no customer data from any organisation was compromised.
OpenAI’s choice to alert all ChatGPT users, including those entirely unaffected, appears intended to prevent confusion and curb misinformation. The company has reiterated that users who rely solely on the ChatGPT website or app for conversations need not be concerned, as their data remains secure.
API developers who received the notification are advised to review OpenAI’s published details and monitor their registered email accounts for further updates as the investigation continues.
