OpenAI confirmed that a security incident involving a third‑party analytics provider called Mixpanel resulted in the exposure of limited user information tied to its API platform. The breach occurred after attackers gained unauthorized access to Mixpanel’s internal systems and exported a dataset containing certain account metadata.
Who Was Affected:
Only users of OpenAI’s API (platform.openai.com) — typically developers and businesses integrating OpenAI models — may have had some basic profile information exposed. Regular ChatGPT users (web or app) were not affected by this breach, and OpenAI emphasized that its core infrastructure and consumer services were not compromised.
Type of Data Exposed:
The leaked information reportedly included names, email addresses, approximate location data, and technical metadata like browser and operating‑system details tied to API accounts. Importantly, highly sensitive data — such as chat histories, passwords, API keys, payment information, and government IDs — were not exposed.
Company Response:
OpenAI took swift action by terminating its use of Mixpanel, notifying impacted API users, and widening its security reviews of third‑party partners to prevent similar supply‑chain leaks. The company also warned that even limited data could be used in phishing or social‑engineering attempts, urging impacted users to stay vigilant.
Key Takeaway:
This incident highlights the risks posed by third‑party vendor breaches, even when a platform’s own systems remain secure. OpenAI’s response has centered on transparency and on cutting ties with the affected vendor.