Artificial Intelligence

OpenAI User Data Exposed in Mixpanel Hack

Multiple Mixpanel customers were impacted by a recent cyberattack targeting the product analytics company. 

OpenAI

OpenAI is informing some users that they may be impacted by a recent data breach at product analytics and event-tracking solutions provider Mixpanel.

Mixpanel disclosed the security incident on Thursday, saying that it was detected on November 8. The company described it as a “smishing campaign” and noted that a “limited number of customers” are affected.

The company did not share any technical information on the intrusion, but pointed out that it secured affected accounts, rotated compromised credentials, revoked active sessions, reset employee passwords, and blocked malicious IPs in response to the incident. 

While Maxpanel shared little information on the cyberattack, OpenAI, one of the affected customers, has provided more details regarding impact.

The AI giant uses Mixpanel for web analytics, to help it understand product usage and improve the API product (platform.openai.com). 

OpenAI said there was no unauthorized access to its own infrastructure and the data breach did not affect ChatGPT chat content, prompts, responses, or API usage data. OpenAI passwords, API keys, payment information, account credentials, and government IDs were not compromised.

Advertisement. Scroll to continue reading.

“Users of ChatGPT and other products were not impacted,” OpenAI said.

However, the attacker did steal “a dataset containing limited customer identifiable information and analytics information”.

Specifically, the hackers obtained user profile information associated with ‘platform.openai.com’, including name, email address, approximate location based on the user’s browser (such as city, state, and country), operating system and browser, organization or user ID, and referring website.

OpenAI warned that the compromised information could be useful to threat actors for phishing and social engineering attacks. 

“As part of our security investigation, we removed Mixpanel from our production services, reviewed the affected datasets, and are working closely with Mixpanel and other partners to fully understand the incident and its scope. We are in the process of notifying impacted organizations, admins, and users directly. While we have found no evidence of any effect on systems or data outside Mixpanel’s environment, we continue to monitor closely for any signs of misuse,” OpenAI said.

Related: SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability

Related: WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation

Related: Microsoft Highlights Security Risks Introduced by New Agentic AI Feature

Related Content

Artificial Intelligence

An attacker can create a malicious repository containing a git.exe in the project root, and Cursor executes it automatically.

Artificial Intelligence

The new program stems from an AI-focused Executive Order signed by President Trump on June 2.

Cybercrime

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Artificial Intelligence

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

Data Breaches

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Artificial Intelligence

Researchers demonstrate adversarial hallucination squatting against popular AI assistants to achieve remote code execution.

Artificial Intelligence

Two announcements on July 7, 2026, demonstrate the government’s determination to improve the level of cybersecurity within the UK.

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version