OP 27 November, 2025 - 07:18 PM
OpenAI is informing some users that they may be impacted by a recent data breach at product analytics and event-tracking solutions provider Mixpanel.
Mixpanel disclosed the security incident on Thursday, saying that it was detected on November 8. The company described it as a “smishing campaign” and noted that a “limited number of customers” are affected.
The company did not share any technical information on the intrusion, but pointed out that it secured affected accounts, rotated compromised credentials, revoked active sessions, reset employee passwords, and blocked malicious IPs in response to the incident.
While Maxpanel shared little information on the cyberattack, OpenAI, one of the affected customers, has provided more details regarding impact.
The AI giant uses Mixpanel for web analytics, to help it understand product usage and improve the API product (platform.openai.com).
OpenAI said there was no unauthorized access to its own infrastructure and the data breach did not affect ChatGPT chat content, prompts, responses, or API usage data. OpenAI passwords, API keys, payment information, account credentials, and government IDs were not compromised.
“Users of ChatGPT and other products were not impacted,” OpenAI said.
However, the attacker did steal “a dataset containing limited customer identifiable information and analytics information”.
Specifically, the hackers obtained user profile information associated with ‘platform.openai.com’, including name, email address, approximate location based on the user’s browser (such as city, state, and country), operating system and browser, organization or user ID, and referring website.
OpenAI warned that the compromised information could be useful to threat actors for phishing and social engineering attacks.
https://www.securityweek.com/openai-user...anel-hack/
![[Image: Untitled.png]](https://i.ibb.co/Q3L96QM7/Untitled.png)
Mixpanel disclosed the security incident on Thursday, saying that it was detected on November 8. The company described it as a “smishing campaign” and noted that a “limited number of customers” are affected.
The company did not share any technical information on the intrusion, but pointed out that it secured affected accounts, rotated compromised credentials, revoked active sessions, reset employee passwords, and blocked malicious IPs in response to the incident.
While Maxpanel shared little information on the cyberattack, OpenAI, one of the affected customers, has provided more details regarding impact.
The AI giant uses Mixpanel for web analytics, to help it understand product usage and improve the API product (platform.openai.com).
OpenAI said there was no unauthorized access to its own infrastructure and the data breach did not affect ChatGPT chat content, prompts, responses, or API usage data. OpenAI passwords, API keys, payment information, account credentials, and government IDs were not compromised.
“Users of ChatGPT and other products were not impacted,” OpenAI said.
However, the attacker did steal “a dataset containing limited customer identifiable information and analytics information”.
Specifically, the hackers obtained user profile information associated with ‘platform.openai.com’, including name, email address, approximate location based on the user’s browser (such as city, state, and country), operating system and browser, organization or user ID, and referring website.
OpenAI warned that the compromised information could be useful to threat actors for phishing and social engineering attacks.
https://www.securityweek.com/openai-user...anel-hack/