OpenAI Data Breach Linked to Phishing Attack on Analytics Partner
231OpenAI has confirmed a security incident involving a data breach that resulted from a phishing attack on its analytics partner, Mixpanel. The breach led to unauthorized access to certain customer profile information related to OpenAI’s API platform, prompting concerns about data security and user privacy.
Details of the Phishing Attack and Data Compromised
According to statements from both companies, the incident occurred on November 8 when Mixpanel detected a smishing campaign—an SMS-based phishing attempt—that targeted its employees. This attack enabled hackers to infiltrate Mixpanel’s systems and steal metadata associated with OpenAI API accounts.
The compromised data includes details such as the account holder’s name, email address, approximate location based on browser data, operating system and browser information, referring websites, and organization or user IDs linked to the API account. Importantly, no sensitive data such as passwords, API keys, or payment information was affected.
Response and Impact on Customers
Mixpanel promptly activated its incident response protocols and informed impacted customers directly. OpenAI also reviewed the shared dataset and decided to cease using Mixpanel’s services, potentially on a permanent basis. The breach affects some customers with platform.openai.com accounts, but does not impact ChatGPT or other OpenAI products.
Both companies have reassured users that no breach occurred within OpenAI’s own systems and that no sensitive data like chat histories or credentials were exposed. They are actively monitoring the situation for any signs of misuse.
OpenAI has provided contact emails for affected users: mixpanelincident@openai.com and support@mixpanel.com. Customers who have not been contacted are advised to conduct security checks and remain vigilant against phishing attempts targeting their email addresses.
What do you think?
It is nice to know your opinion. Leave a comment.