OpenAI Users Exposed in Third-Party Analytics Breach Raising Phishing Concerns

OpenAI disclosed that analytics vendor Mixpanel suffered a breach on November 9, exposing API users' names, emails, and location data. The company terminated the vendor relationship and warns users to watch for targeted phishing campaigns leveraging the stolen information.

Key Developments

  1. OpenAI disclosed that user data from its API platform was compromised through vendor Mixpanel’s systems on November 9, 2025, with the company only learning the full scope on November 25
  2. Attackers gained unauthorized access to names, email addresses, location data, and OpenAI user identifiers that could fuel targeted social engineering campaigns
  3. OpenAI terminated its relationship with Mixpanel immediately after reviewing the incident and is conducting expanded security reviews across all vendors

USA HERALD – A cybersecurity breach at a third-party analytics provider has exposed personal information belonging to OpenAI API users, sparking warnings about sophisticated phishing attacks that could leverage the stolen data to impersonate the artificial intelligence company.

OpenAI announced on November 26, 2025, that Mixpanel, a data analytics firm the company used for web analytics on platform.openai.com, suffered an unauthorized intrusion on November 9 that resulted in attackers exporting a dataset containing user profile information and analytics data. The company emphasized that OpenAI’s own systems were not breached and that sensitive credentials, payment information, chat logs, and API usage data remained secure.
