Third-Party Breach Leaks OpenAI’s API User Data

Artificial intelligence (AI) company OpenAI was impacted by a third-party breach affecting analytics company Mixpanel, exposing “limited” user data.

“On November 9, 2025, Mixpanel became aware of an attacker that gained unauthorized access to part of their systems and exported a dataset containing limited customer identifiable information and analytics information,” the company wrote in a data breach incident notification on its website.

The ChatGPT maker leverages Mixpanel’s data analytics services to track API user activity on the frontend.

Did the OpenAI third-party breach affect ChatGPT users?

OpenAI says the third-party breach affected only API users and did not impact other products, including the popular AI chatbot ChatGPT.

It also did not leak chats, API data, account credentials (passwords and API keys), payment information (credit cards or bank accounts), or government-issued IDs, such as Social Security Numbers, driver’s licenses, and state or Tax IDs.

“No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed,” the ChatGPT maker explained.

Similarly, the third-party breach did not affect OpenAI’s internal systems and infrastructure. Thus, its operations were unaffected, and users did not experience any downtime.

“This incident was limited to Mixpanel’s systems and did not involve unauthorized access to OpenAI’s infrastructure,” noted OpenAI.

OpenAI third-party breach exposed only API user account information

However, the third-party breach leaked API user account information. Details leaked included the API account name, email address, approximate physical location (city, state, country), operating system and browser or user agent information, referring website, and user or account ID.

Meanwhile, OpenAI is assessing the third-party breach to determine its scope and is notifying impacted individuals. It also continues to monitor the incident to confirm the status of the leaked information.

“While we have found no evidence of any effect on systems or data outside Mixpanel’s environment, we continue to monitor closely for any signs of misuse,” the company said.

The AI company also terminated Mixpanel’s services to ensure its user data is well-protected and to prevent a similar data breach in the future.

“We also hold our partners and vendors accountable for the highest bar for security and privacy of their services. After reviewing this incident, OpenAI has terminated its use of Mixpanel,” the AI company said.

The company also says it has expanded its security vetting process across its vendor ecosystem to ensure the highest security standards.

Mixpanel says the data breach stemmed from an SMS phishing (smishing) campaign that began around November 8. According to the data analytics company, only a limited number of customers were impacted. However, OpenAI has notified all API users, while Mixpanel contacted only the affected customers.

“We proactively communicated with all impacted customers. If you have not heard from us directly, you were not impacted,” Mixpanel said.

Meanwhile, OpenAI has warned users that threat actors could use the stolen information for targeted phishing (spear phishing), potentially leading to the disclosure of more sensitive personal or account information. Thus, it encouraged them to remain vigilant for potential unsolicited messages containing suspicious links or attachments.

The AI company also advised impacted users to double-check that messages purporting to be from OpenAI originate from legitimate domains. They should also enable two-factor authentication (2FA) and be aware that OpenAI does not request account credentials, such as passwords or authentication tokens, via email, text messages, or social media chats.

“As businesses integrate more AI and SaaS tools into their workflows, risks no longer come just from bad actors, they can come from default settings, copy-paste code, and silent misconfigurations,” warned Mayur Upadhyaya, CEO at APIContext. “The Mixpanel incident shows how even trusted analytics tools can inadvertently leak sensitive data if not continuously validated. In a machine-first world, you can’t fix what you can’t see. Observability must extend across every API, webhook, and third-party integration.”