OpenAI has recently alerted users about a data breach stemming from a compromise of the third-party analytics service Mixpanel, which was utilized on their API platform – platform.openai.com. This incident did not impact ChatGPT users but did affect API account holders, as reported by Windows Central.
According to the letter sent to users, the following information was disclosed:
- the name on the API profile;
- email address;
- approximate location (determined by IP);
- operating system and browser;
- referrer sites;
- organization and user IDs within the OpenAI system.
OpenAI emphasizes that no chats, API requests, usage history, passwords, API keys, payment details, or verification documents were compromised. The company asserts that this was not a breach of its own infrastructure – the leak occurred within Mixpanel.
According to OpenAI's information, Mixpanel:
- detected unauthorized access to its systems on November 9;
- provided OpenAI with a copy of the stolen dataset on November 25;
- confirmed that the incident only involved API user analytics data.
OpenAI has suspended its integration with Mixpanel and urged users to be cautious of phishing attempts, as the stolen information could be exploited in such attacks.
This incident has once again highlighted concerns regarding privacy among ChatGPT and API users. While user data remained intact, experts stress that the company handles a substantial amount of sensitive information, and such leaks could undermine trust in its services both in business and daily life.
