OpenAI user information leak… API account exposure due to a Mixpanel Hacker attack.

2025-11-27 21:57:48

ChatGPT developer OpenAI has experienced a security incident involving the leakage of user account information. This leak originated from a hacker event at the data analysis platform Mixpanel, where it has been confirmed that hackers successfully infiltrated internal systems and obtained personal information from some OpenAI API users.

OpenAI officially released a statement through its blog, revealing that Mixpanel first detected a hacker attack on November 8, and within a few days, relevant data was obtained. It is reported that in this incident, the hacker stole Mixpanel system permissions through SMS phishing methods, leading to the leakage of account-related data of some OpenAI API users.

It has been confirmed that the leaked information includes user names, email addresses, residential locations, etc., as well as technical details such as the operating system information and browser type used to run the API. However, it is reported that sensitive data such as payment information or prompt words input in the API were not leaked in this incident.

After the incident, OpenAI immediately suspended all data integration with Mixpanel and is notifying affected users one by one. The company's relevant personnel warned that the stolen information could be used for subsequent phishing attacks, but stated that there is currently no need to reset passwords or authentication keys.

Security experts emphasize that this incident serves as a warning that data analysis tools also face security threats. API security professional organization APIContext's CEO Mayur Upadhyay pointed out: “Without visibility, no vulnerabilities can be prevented,” and stressed the need to improve monitoring systems and supply chain security standards.

Mixpanel has stated that it has currently frozen the accounts of affected customers, mandated all employees to reset their passwords, and fully banned the IP addresses used by the Hacker. However, no other affected customers have been confirmed apart from OpenAI. Given that Mixpanel serves over 29,000 tech companies globally, there are concerns in the industry about the potential widespread ripple effects.

This incident once again highlights that the security threats against large generative AI companies have become a reality. Although OpenAI and its competitors continue to build multi-layered defense systems and strengthen technical security mechanisms, the risk of third-party intrusions exploiting vulnerabilities in related systems still exists.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.