Published on: Nov 28, 2025 11:48 am IST
OpenAI explained the situation after publishing an advisory on its website.
ChatGPT users around the world are receiving unexpected security alerts from OpenAI about a data breach. At first glance, the notification looks alarming, but the company has clarified that most users are completely unaffected. The incident stems from a breach at Mixpanel, a third party analytics provider used by OpenAI for tracking activity on its API dashboard, not the main ChatGPT product.
OpenAI explained the situation after publishing an advisory on its website. The company says it is notifying every subscriber in the interest of transparency, even though only a small subset of users may have had their data exposed. The breach did not involve OpenAI’s own systems and did not compromise chat histories, passwords, API keys, payment details, or any form of sensitive personal information.
The affected group is limited to those who maintain an API account and use platform.openai.com. According to OpenAI, some profile level data may have been included in Mixpanel’s exported logs. This includes names registered with the API account, linked email addresses, approximate location based on browser data, operating system and browser information, referrer websites, and internal user or organisation IDs.
The company says it has already removed Mixpanel from all production systems and launched a full investigation to determine the scope of the breach. It is also contacting organisations and administrators directly to help them understand whether any of their team accounts fall into the impacted category.
While Apple was reportedly among the companies whose staff may have been exposed through API usage, OpenAI stresses that no customer data from any firm was compromised.
OpenAI’s decision to alert every ChatGPT user, even those unaffected, appears designed to avoid confusion and ensure that the incident does not trigger misinformation. For regular ChatGPT users who rely only on the app or website for conversations, the notification does not indicate any risk to their personal information.
For API developers who have received the same message, the company recommends reviewing the details shared by OpenAI and monitoring their registered email for further updates as the investigation progresses.
