OpenAI Reveals Data Breach: Mixpanel Vendor Hack Exposes Customer Information

OpenAI Discloses API Customer Data Breach through Mixpanel Vendor Hack

Recently, OpenAI has informed certain ChatGPT API users about a data breach that occurred due to a security incident at its analytics provider, Mixpanel.

OpenAI utilizes Mixpanel’s event analytics to monitor user interactions on the frontend interface of its API product.

According to OpenAI, the breach only affected limited analytics data related to some API users and did not impact users of ChatGPT or any other products.

OpenAI clarified that this incident did not compromise or expose chat content, API requests, user data, passwords, payment details, or any sensitive information.

Mixpanel confirmed that the breach affected only a small number of its customers and was a result of a smishing campaign detected on November 8.

On November 25, OpenAI received information about the impacted dataset following Mixpanel’s investigation.

The exposed information may include the name provided on the API account, associated email address, approximate location based on the user’s browser, operating system, browser details, referring websites, and organization or user IDs linked to the API account.

As no sensitive credentials were compromised, users are not required to reset passwords or regenerate API keys.

Some users have reported that CoinTracker, a cryptocurrency platform, was also affected, with exposed data including device metadata and limited transaction details.

OpenAI has initiated an investigation to fully understand the breach’s extent. As a precaution, Mixpanel has been removed from OpenAI’s production services, and affected organizations and users are being directly notified.

Despite the breach affecting only API users, OpenAI has informed all subscribers as a precautionary measure.

OpenAI warns about potential phishing attacks using the leaked data and advises users to stay vigilant for suspicious messages related to the incident.

Users are advised to verify messages containing links or attachments and ensure they originate from official OpenAI domains.

The company recommends enabling two-factor authentication and refraining from sharing sensitive information via email, text, or chat.

Mixpanel’s CEO, Jen Taylor, said that all affected customers have been contacted directly and that the necessary actions have been taken to secure accounts and prevent future incidents.

In response to the breach, Mixpanel has implemented enhanced security measures, including securing affected accounts, revoking active sessions, rotating compromised credentials, blocking threat actor IP addresses, and resetting passwords for all employees.
