CRBC News
OpenAI: Mixpanel Breach Exposed ChatGPT Users’ Names, Emails and Location Data

OpenAI confirmed that Mixpanel was breached on 9 November, exposing names, email addresses, location data, operating systems and browser information for users tied to API accounts. The company says its own systems were not breached and that chats, API usage, passwords, payment data and government IDs were not exposed. OpenAI has removed Mixpanel from production, launched an investigation and warned users to watch for phishing while it tightens third-party security reviews.

OpenAI has confirmed that a third-party data analytics provider, Mixpanel, was breached on 9 November, exposing personal details for some users of ChatGPT tied to API accounts.

What happened

Attackers gained unauthorized access to Mixpanel, which OpenAI used for analytics. The data accessed included users’ names, email addresses, location information, operating systems and browser details. OpenAI says the incident affected only accounts that interact with the company’s API, not the general ChatGPT user base.

What OpenAI says

“This was not a breach of OpenAI’s systems,” OpenAI wrote, adding that no chat content, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.

The company has removed Mixpanel from its production services and is conducting a security investigation. While there is no evidence the stolen data has been misused so far, OpenAI warned the information could be repurposed for phishing or other social-engineering attacks.

Context and previous incidents

This is not the first time ChatGPT users have been affected by security issues. In March 2023, OpenAI temporarily took ChatGPT offline after a bug allowed some users to view private details of other users, including partial payment information and chat metadata. Later in 2023, cybersecurity firm Group-IB reported that malware had stolen ChatGPT login credentials from more than 100,000 infected devices. OpenAI emphasizes that the Mixpanel incident did not involve a breach of its own servers or core infrastructure.

What users should do

  • Be alert for convincing phishing emails or messages that may reference personal details obtained in the breach.
  • Do not click unexpected links or provide credentials in response to unsolicited requests.
  • Enable two-factor authentication (2FA) where available and review account security settings for any service that uses the OpenAI API.

OpenAI says it will conduct additional and expanded security reviews of third-party apps and services and will raise security requirements for partners and vendors.
