OpenAI has issued a security warning to users of its API after discovering a potential data leak involving Mixpanel, a company that handles analytics for websites and apps. According to OpenAI, an attacker gained unauthorised access to part of Mixpanel’s systems in early November, which led to the export of limited customer information.
The alert was directed at users of platform.openai.com, since API-related data may have been exposed during the breach.
What information may have been leaked
After several weeks of investigation, OpenAI determined that the compromised data could include:
- Name associated with an API account
- Email address
- Approximate location
- System and browser details
- Referring websites
- General IDs related to account activity
The company noted that it’s still unclear how much data was taken.
OpenAI also noted that, in many cases, the exposed information originated from phishing attempts. Attackers often used social engineering to trick users into clicking links or sharing sensitive details. OpenAI advises API users to exercise particular caution when receiving emails or messages requesting verification codes, API keys, or other sensitive information.
In response, OpenAI has removed Mixpanel from its services but continues to collaborate with the analytics provider as the investigation progresses.
Importantly, the incident did not affect ChatGPT or any of OpenAI’s chat-based products. No prompts, messages, or conversation data were part of the breach.
