Outlook Business Desk
OpenAI has stopped using the analytics service Mixpanel after a security issue on the vendor’s side exposed data tied to API accounts, according to multiple resources, while the company clarified that ChatGPT users and other consumer products were not impacted.
OpenAI said it had relied on Mixpanel to analyse how its API products were being used. Once the breach came to light, the company pulled Mixpanel from its production environment and started reviewing the extent of the data affected.
The company stated that it is examining all compromised data and coordinating with Mixpanel and other partners to determine what went wrong. The company has also begun informing affected organisations, admins and users as part of its continuing review.
The incident may have revealed several details from API accounts, said OpenAI, including the account holder’s name, registered email, rough location from browser data, device and browser information, referring sites and the organisation or user IDs connected to the account.
OpenAI also noted that certain profile information linked to platform.openai.com accounts might have been part of the data pulled from Mixpanel. It emphasised that chat history, prompts, responses and API usage details were not impacted.
OpenAI clarified that sensitive details such as passwords, API keys, payment data, government IDs and login credentials were untouched by the breach. The company says it is still watching closely for any signs of misuse outside Mixpanel’s systems.
OpenAI also cautioned that the leaked names, email addresses and associated metadata could be exploited in phishing or social-engineering attempts. It advised impacted API users to be careful with unexpected messages that seem authentic or unusually personalised.
OpenAI recommended that users carefully check any unexpected communications, confirm that emails genuinely come from official OpenAI domains, avoid providing passwords or API keys and activate multi-factor authentication to improve account security after the breach.