OpenAI API users customer data exposed after OpenAI breach
Data Leak
Summary
Hide ▲
Show ▼
OpenAI warned that API users may have had limited account and analytics data exposed after Mixpanel suffered unauthorized access. The exposure matters because the exported dataset included names, email addresses, coarse location, browser and operating-system details, which can support phishing or social engineering. The incident began on November 9, and the dataset was shared with OpenAI on November 25.
Related Happenings
Mistral AI internal repositories and source code leak
Data Leak
First: 15.05.2026 01:50
Last: 15.05.2026 01:50
Sources 1
About this happening:
A **TeamPCP** forum post claims **Mistral AI** source code and internal repositories were stolen and are now being offered for sale, creating a risk of public release. The alleged...
Mistral AI internal repositories and source code leak
Data LeakAbout this happening: A **TeamPCP** forum post claims **Mistral AI** source code and internal repositories were stolen and are now being offered for sale, creating a risk of public release. The alleged...
OpenAI hit by cyberattack
Incident
First: 14.05.2026 22:07
Last: 14.05.2026 22:07
Sources 1
About this happening:
OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
OpenAI hit by cyberattack
IncidentAbout this happening: OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw
Vulnerability
First: 31.03.2026 16:01
Last: 31.03.2026 16:01
Sources 1
About this happening:
A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...
ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw
VulnerabilityAbout this happening: A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...
OpenAI Safety Bug Bounty launch
Commercial Activity
First: 26.03.2026 14:20
Last: 26.03.2026 14:20
Sources 1
About this happening:
**OpenAI** launched the **Safety Bug Bounty** on **Bugcrowd**, expanding researcher coverage for **AI abuse** and **safety risks** across its products. The new program complements...
OpenAI Safety Bug Bounty launch
Commercial ActivityAbout this happening: **OpenAI** launched the **Safety Bug Bounty** on **Bugcrowd**, expanding researcher coverage for **AI abuse** and **safety risks** across its products. The new program complements...
Crunchyroll hit by network compromise
Incident
First: 23.03.2026 21:21
Last: 23.03.2026 21:21
Sources 1
About this happening:
Crunchyroll is investigating a **breach** that allegedly exposed support systems and user data, putting about **6.8 million** people at risk. The claimed intrusion involved a **su...
Crunchyroll hit by network compromise
IncidentAbout this happening: Crunchyroll is investigating a **breach** that allegedly exposed support systems and user data, putting about **6.8 million** people at risk. The claimed intrusion involved a **su...
Timeline
-
27.11.2025 13:15 1 articles · 6mo ago
Unauthorized access to Mixpanel systems and export of API user data
Exploitation ObservedAn attacker gained unauthorized access to part of Mixpanel’s systems and exported a dataset containing limited customer identifiable information and analytics information, creating exposure risk for platform.openai.com API account records that could include names, email addresses, coarse location, operating system, browser, referring websites, and organization or user IDs.
Show sources
- OpenAI Warns of Mixpanel Data Breach Impacting API Users — www.infosecurity-magazine.com — 27.11.2025 13:15
-
27.11.2025 13:15 1 articles · 6mo ago
Mixpanel shares the exported dataset with OpenAI
Initial DisclosureAfter an internal investigation, Mixpanel shared the exported dataset with OpenAI, confirming that users of platform.openai.com’s API may have been included in the data exposure.
Show sources
- OpenAI Warns of Mixpanel Data Breach Impacting API Users — www.infosecurity-magazine.com — 27.11.2025 13:15
-
27.11.2025 13:15 2 articles · 6mo ago
OpenAI warns API users and removes Mixpanel from production services
Mitigation Patch UpdateOpenAI told API users that some data may have been exposed, said ChatGPT and core API assets were not impacted, removed Mixpanel from production services, began notifying potentially affected users and organizations, and expanded security reviews across its vendor ecosystem.
Show sources
- OpenAI Warns of Mixpanel Data Breach Impacting API Users — www.infosecurity-magazine.com — 27.11.2025 13:15
- OpenAI Warns of Mixpanel Data Breach Impacting API Users — www.infosecurity-magazine.com — 27.11.2025 13:15
-
27.11.2025 13:15 1 articles · 6mo ago
OX Security outlines Mixpanel data collection and phishing risk
Technical Analysis UpdateOX Security described the kinds of information Mixpanel can collect, including current page, operating system, browser name, referring website, device unique identifier, current page title, browser version, email, name, location information, adblock status, and screen dimensions, while OpenAI warned that compromised profile data could be used for phishing or social engineering.
Show sources
- OpenAI Warns of Mixpanel Data Breach Impacting API Users — www.infosecurity-magazine.com — 27.11.2025 13:15