InfoSecBulletin Cybersecurity for mankind
OpenAI has revealed a data breach involving Mixpanel, a third-party analytics provider that was used to monitor API platform usage. The breach exposed limited but sensitive user information, including names, email addresses, operating system details, and browser metadata.
OpenAI stated that the incident came from Mixpanel’s infrastructure and did not involve any attack on OpenAI’s systems. On November 9, 2025, Mixpanel found unauthorized access and discovered an attacker had exported customer data.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Mixpanel notified OpenAI about the breach and, by November 25, 2025, shared the specific dataset affected. Data affected was only from OpenAI’s API users through the platform.openai.com interface. ChatGPT and other OpenAI services were not impacted.
After Mixpanel’s notification, OpenAI quickly removed all Mixpanel analytics integrations from its services and reviewed the impacted datasets. The company is collaborating with Mixpanel to fully evaluate the breach and is informing all affected organizations, admins, and users.
OpenAI advises users to be alert for phishing or social engineering attacks because of the exposed data. If you get an unexpected email or message, you should:
Treat unexpected emails or messages with caution, especially if they include links or attachments.
Double-check that any message claiming to be from OpenAI is sent from an official OpenAI domain.
OpenAI does not request passwords, API keys, or verification codes through email, text, or chat.
Further protect your account by enabling multi-factor authentication (opens in a new window).
The incident highlights the risks of third-party service providers and the need for ongoing security reviews and strong vendor management to protect user data.
