
SecurityWeek


OpenAI User Data Exposed in Mixpanel Hack

Multiple Mixpanel customers were impacted by a recent cyberattack targeting the product analytics company. 


OpenAI is informing some users that they may be impacted by a recent data breach at product analytics and event-tracking solutions provider Mixpanel.

Mixpanel disclosed the security incident on Thursday, saying that it was detected on November 8. The company described it as a “smishing campaign” and noted that a “limited number of customers” are affected.

The company did not share any technical information on the intrusion, but pointed out that it secured affected accounts, rotated compromised credentials, revoked active sessions, reset employee passwords, and blocked malicious IPs in response to the incident. 

While Mixpanel shared little information on the cyberattack, OpenAI, one of the affected customers, has provided more details regarding the impact.

The AI giant uses Mixpanel for web analytics, to help it understand product usage and improve the API product (platform.openai.com). 

OpenAI said there was no unauthorized access to its own infrastructure and the data breach did not affect ChatGPT chat content, prompts, responses, or API usage data. OpenAI passwords, API keys, payment information, account credentials, and government IDs were not compromised.


“Users of ChatGPT and other products were not impacted,” OpenAI said.

However, the attacker did steal “a dataset containing limited customer identifiable information and analytics information”.

Specifically, the hackers obtained user profile information associated with ‘platform.openai.com’, including name, email address, approximate location based on the user’s browser (such as city, state, and country), operating system and browser, organization or user ID, and referring website.

OpenAI warned that the compromised information could be useful to threat actors for phishing and social engineering attacks. 

“As part of our security investigation, we removed Mixpanel from our production services, reviewed the affected datasets, and are working closely with Mixpanel and other partners to fully understand the incident and its scope. We are in the process of notifying impacted organizations, admins, and users directly. While we have found no evidence of any effect on systems or data outside Mixpanel’s environment, we continue to monitor closely for any signs of misuse,” OpenAI said.


Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
