Find notable cyber news and cases, enriched with sources, timelines, and signals.

OpenAI API users customer data exposed after OpenAI breach

Data Leak
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

OpenAI warned that API users may have had limited account and analytics data exposed after Mixpanel suffered unauthorized access. The exposure matters because the exported dataset included names, email addresses, coarse location, browser and operating-system details, which can support phishing or social engineering. The incident began on November 9, and the dataset was shared with OpenAI on November 25.

Related Happenings

OpenAI ChatGPT Atlas BioShocking fix

Advisory/Mitigation
H score34 First: 01.07.2026 00:50 Last: 01.07.2026 00:50 Sources 1

About this happening: OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...

IPhone AI chatbot traffic leak of API keys, replayable tokens, and open relays

Technical Analysis
H score27 First: 30.06.2026 16:49 Last: 30.06.2026 16:49 Sources 1

About this happening: **LLMKeyLens** testing found **444 iPhone AI chatbot apps** leaking **paid AI access**, exposing **API keys**, **replayable tokens**, and **open relays** that let others bill mode...

Poisoned Tenant OpenAI organization invite campaign

Campaign
H score35 First: 26.06.2026 20:49 Last: 26.06.2026 20:49 Sources 1

About this happening: The **Poisoned Tenant** campaign is using fraudulent **OpenAI organizations** to lure targeted employees into shared **ChatGPT workspaces**, creating a risk of sensitive company d...

OpenAI rolls out ChatGPT Lockdown Mode and Active Sessions for prompt-injection defense and sign-in auditing

Security Tool/Service
H score10 First: 08.06.2026 17:00 Last: 08.06.2026 17:00 Sources 1

About this happening: OpenAI rolled out **Lockdown Mode** and **Active Sessions** in **ChatGPT**, adding controls that reduce **prompt-injection data exfiltration** risk and improve **signed-in session...

OpenAI ChatGPT Lockdown Mode rollout limits prompt-injection exfiltration paths

Security Tool/Service
H score10 First: 06.06.2026 16:36 Last: 06.06.2026 16:36 Sources 1

About this happening: **OpenAI ChatGPT** is rolling out **Lockdown Mode** for eligible personal accounts, reducing the risk of **prompt-injection-driven data exfiltration**. The update adds stricter li...

Timeline

  1. 27.11.2025 13:15 1 articles · 7mo ago

    Unauthorized access to Mixpanel systems and export of API user data

    Exploitation Observed

    An attacker gained unauthorized access to part of Mixpanel’s systems and exported a dataset containing limited customer identifiable information and analytics information, creating exposure risk for platform.openai.com API account records that could include names, email addresses, coarse location, operating system, browser, referring websites, and organization or user IDs.

    Show sources
  2. 27.11.2025 13:15 1 articles · 7mo ago

    Mixpanel shares the exported dataset with OpenAI

    Initial Disclosure

    After an internal investigation, Mixpanel shared the exported dataset with OpenAI, confirming that users of platform.openai.com’s API may have been included in the data exposure.

    Show sources
  3. 27.11.2025 13:15 2 articles · 7mo ago

    OpenAI warns API users and removes Mixpanel from production services

    Mitigation Patch Update

    OpenAI told API users that some data may have been exposed, said ChatGPT and core API assets were not impacted, removed Mixpanel from production services, began notifying potentially affected users and organizations, and expanded security reviews across its vendor ecosystem.

    Show sources
  4. 27.11.2025 13:15 1 articles · 7mo ago

    OX Security outlines Mixpanel data collection and phishing risk

    Technical Analysis Update

    OX Security described the kinds of information Mixpanel can collect, including current page, operating system, browser name, referring website, device unique identifier, current page title, browser version, email, name, location information, adblock status, and screen dimensions, while OpenAI warned that compromised profile data could be used for phishing or social engineering.

    Show sources