Organisation: OpenAI
Incident date: November 9, 2025
Nature of incident: Third-party analytics data breach affecting API users
Status: Confirmed
Reported by: OpenAI and Mixpanel, with independent media confirmation
OpenAI has confirmed that a security incident at its analytics provider Mixpanel exposed limited analytics data linked to some users of its API platform. At the same time, OpenAI’s own systems and ChatGPT consumer accounts were not breached. The case underscores how telemetry and analytics vendors can serve as an indirect channel for customer information in large SaaS and AI ecosystems.
According to OpenAI’s incident note, Mixpanel detected on November 9, 2025, that an attacker had gained unauthorized access to part of its infrastructure and exported a dataset containing “limited customer identifiable information and analytics information.” Mixpanel notified OpenAI during its investigation and provided a subset of affected data for OpenAI customers on November 25, after which OpenAI published its advisory and began notifying impacted API users.
The exposed dataset relates to users who accessed OpenAI’s API frontend at platform.openai.com while Mixpanel tracking was active. OpenAI reports that the data may include the name on the API account, the email address associated with that account, an approximate city- or region-level location derived from browser and operating system details, referring websites, and the organization or user ID tied to the API account. No chat content, prompts, API request data, passwords, API keys, payment information, government IDs, or session tokens were included in the exported dataset.
For affected individuals and organizations, the primary risk is that this set of identifiers and usage context could be reused in targeted phishing or social-engineering campaigns. With accurate names, emails, locations, and OpenAI-specific user IDs, attackers can craft messages that appear closely aligned to genuine OpenAI or developer-platform communications, potentially increasing the likelihood of credential theft or further compromise even though no passwords or keys were leaked in this incident.
At a broader level, the incident illustrates how analytics and behavioral-tracking tools can expand the effective attack surface for organizations adopting AI platforms. Even when a provider’s core infrastructure is not directly accessed, regulators and enterprise security teams may still treat the leakage of customer-identifying metadata from third-party vendors as a material privacy and security issue, prompting renewed scrutiny of vendor onboarding, data minimization practices, and contractual security requirements.
In its public statement, OpenAI stressed that “this was not a breach of OpenAI’s systems,” and said it has removed Mixpanel from its production services, is notifying affected organizations and users, and is conducting wider security reviews across its vendor ecosystem with elevated requirements for partners. OpenAI+2SecurityBrief Australia+2 Mixpanel, for its part, attributes the breach to a smishing (SMS-phishing) campaign that led to unauthorized access, and says it has revoked active sessions, rotated credentials, blocked malicious IP addresses, and engaged external cybersecurity investigators while working with impacted customers and law enforcement.
Taken together, the OpenAI–Mixpanel incident is a confirmed example of third-party analytics exposure: while no chat logs, API content, credentials, or payment data were compromised, the leak of identifiable customer metadata is still significant for phishing risk and vendor-management obligations, and is likely to inform how organizations assess and govern analytics providers in AI-driven environments in the future.
Worried about your online data? Run a leak check now at Am I Hacked and protect your online security today.