FOLLOW US

Key Developments

1. OpenAI disclosed that user data from its API platform was compromised through vendor Mixpanel's systems on November 9, 2025, with the company only learning the full scope on November 25
2. Attackers gained unauthorized access to names, email addresses, location data, and OpenAI user identifiers that could fuel targeted social engineering campaigns
3. OpenAI terminated its relationship with Mixpanel immediately after reviewing the incident and is conducting expanded security reviews across all vendors

USA HERALD - A cybersecurity breach at a third-party analytics provider has exposed personal information belonging to OpenAI API users, sparking warnings about sophisticated phishing attacks that could leverage the stolen data to impersonate the artificial intelligence company.

OpenAI announced November 26, 2025 that Mixpanel, a data analytics firm the company used for web analytics on platform.openai.com, suffered an unauthorized intrusion on November 9 that resulted in attackers exporting a dataset containing user profile information and analytics data. The company emphasized that OpenAI's own systems were not breached and that sensitive credentials, payment information, chat logs, and API usage data remained secure.

The Attack Vector and Compromised Data

According to OpenAI's official statement, an unidentified attacker penetrated portions of Mixpanel's infrastructure and extracted information that included user names registered to API accounts, associated email addresses, approximate geographic locations derived from browser data (city, state, and country levels), operating system and browser specifications, referring websites, and organizational or user identification numbers tied to OpenAI accounts.

Mixpanel detected the intrusion on November 9, 2025 and began investigating immediately, but did not share the complete affected dataset with OpenAI until November 25—a sixteen-day gap that raises questions about incident response coordination between vendors and their clients. OpenAI stated it is now in the process of directly notifying impacted organizations, administrators, and individual users.

The nature of the compromised information suggests this may have been a deliberate, targeted operation rather than an opportunistic breach. Security experts note that the combination of verified email addresses, real names, and platform-specific user identifiers creates an ideal foundation for business email compromise schemes and spear-phishing campaigns.