OpenAI has alerted users about a recent data breach caused by a compromise of the third-party analytics service Mixpanel, which was utilized on its API platform – platform.openai.com. The incident did not affect ChatGPT users but involved API account holders, as reported by Windows Central.

According to a letter received by users, the following information was compromised:

• the name associated with the API profile;
• email address;
• approximate location (determined by IP);
• operating system and browser;
• referrer sites;
• IDs of organizations and users within the OpenAI system.

OpenAI emphasizes that no chats, API requests, usage history, passwords, API keys, payment information, or verification documents were compromised. The company asserts that this was not a breach of its own infrastructure – the leak occurred within Mixpanel.

According to OpenAI's information, Mixpanel:

• detected unauthorized access to its systems on November 9;
• provided OpenAI with a copy of the stolen data set on November 25;
• confirmed that the incident only involved analytical information of API users.

OpenAI has suspended its integration with Mixpanel and urged users to be cautious about phishing attempts, as the stolen information could be used for such attacks.

This incident has again highlighted privacy concerns among ChatGPT and API users. Although user data was not compromised, experts stress that the company handles a significant amount of sensitive information, and such leaks could undermine trust in its services in both business and everyday contexts.