OpenAI has confirmed a security breach that exposed personal data of ChatGPT users, following unauthorised access to third-party analytics provider Mixpanel on 9 November.
Stolen information includes names, email addresses, location data, operating system, and browser details. Only users with accounts accessing OpenAI's API interfaces are affected.
OpenAI stated that its own systems were not breached, and no chat data, API requests, passwords, credentials, API keys, payment details, or government IDs were compromised. The company has removed Mixpanel from production services and is conducting a security investigation.
No misuse of the stolen data has been detected, but OpenAI warned of potential phishing or social engineering attacks. This incident follows previous security issues, including a March 2023 bug exposing user details and malware stealing login credentials later that year.
OpenAI said it will expand security reviews of third-party services and elevate security requirements for all partners and vendors.
