OpenAI is sending out emails this morning to confirm that a ton of user data has been exposed owing to a breach in a third-party web analytics tool called Mixpanel.
Another day, another security breach. This time, it's OpenAI's turn.
Today, users are waking up to discover emails from OpenAI's security team, confirming more security issues at the company. This one is a bit more egregious than previous breaches, exposing emails, names, and approximate locations of an undisclosed number of users.
OpenAI claims that ChatGPT users were unaffected, with chat content, API usage, passwords, payment details, and government IDs remaining safe. However, users of OpenAI's API interfaces at platform.openai.com have seen a variety of data exposed in this latest breach.
Here's what OpenAI claims has been exposed:
Names provided to accounts on platform.openai.com
Email addresses linked to the API accounts via platform.openai.com
"Coarse approximate location" determined by IP address and web browser
OS and browser type, as well as referring websites
Organizations and user IDs saved into the API accounts
The email to affected users reads as follows.
"Transparency is important to us, so we want to inform you about a recent security incident at Mixpanel, a data analytics provider that OpenAI used for web analytics on the frontend interface for our API product (platform.openai.com). The incident occurred within Mixpanel's systems and involved limited analytics data related to your API account.
This was not a breach of OpenAI's systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.
On November 9, 2025, Mixpanel became aware of an attacker that gained unauthorized access to part of their systems and exported a dataset containing limited customer identifiable information and analytics information. Mixpanel notified OpenAI that they were investigating, and on November 25, 2025, they shared the affected dataset with us."
OpenAI says it has shut down its interfacing with Mixpanel while it "investigates" the breach, and urges users to be extra vigilant against phishing-type attacks and social engineering scams that might attempt to leverage the stolen data.
OpenAI controls vast swathes of very personal information on millions of people
Your data? Our data.
It's not the first time OpenAI has been in hot water for its cavalier attitude towards user privacy and safety. As individuals become increasingly comfortable baring their souls (and potentially sharing confidential organizational data) with ChatGPT and other similar systems, security is becoming an increasingly hot topic for companies like OpenAI and Microsoft.
While no ChatGPT conversations or governmental IDs used for age verification were leaked in this breach, it's not exactly a huge vote of confidence that the firm allowed for something like this to happen in the first place.
Data breaches of this type are incredibly common these days. I often use a variety of email aliases on my accounts to prevent potential breaches leading to all of my accounts becoming compromised, but it's a laborious process. Losing the anonymity of your account information is one thing, but I presume there are many ChatGPT users out there who probably wouldn't like their AI conversations leaked onto the web for a variety of reasons.
It's encouraging that OpenAI informed users just two days after receiving the affected user data set, but it would be ideal if things like this didn't happen at all.
Remember to slap multi-factor authentication on all of your accounts, folks.