What to Know About the Recent Mixpanel Security Incident?

1764477520

November 26, 2025 — OpenAI

OpenAI is committed to transparency, especially when it comes to user security. We want to update you on a recent incident involving Mixpanel security incident, a third-party analytics provider previously used for web analytics on the API platform (platform.openai.com).

This incident did not involve any breach of OpenAI’s systems. It was isolated to Mixpanel’s environment. Most importantly, no chats, API keys, passwords, payment information, or sensitive user content were exposed.

What Happened

On November 9, 2025, Mixpanel detected unauthorized access within part of their internal systems. During that intrusion, an attacker exported a dataset containing limited customer-identifiable analytics information.

Mixpanel informed OpenAI about the issue during their investigation. On November 25, 2025, they provided OpenAI with the affected dataset so that we could conduct our own detailed security review.

What Information Was Potentially Impacted by the Mixpanel security incident?

Some users of the API platform may have had limited profile and analytics information included in the exported data. The data may have included:

  • Full name provided on the API account
  • Email address linked to the API account
  • Approximate location inferred from browser (city, state, country)
  • Operating system and browser type
  • Referring websites
  • Organization or User IDs associated with the API account

Importantly, none of the following were affected:

  • ChatGPT data
  • API prompts, responses, or usage logs
  • API keys or authentication credentials
  • Passwords or payment information
  • Government-issued IDs
  • Session tokens or sensitive security parameters

How We Responded

Once informed, OpenAI took several immediate actions:

  1. Removed Mixpanel from production systems to prevent any further data flow.
  2. Reviewed the dataset independently to gauge the scope of impact.
  3. Coordinated with Mixpanel and other vendors to verify system integrity.
  4. Began notifying all impacted users, organizations, and admins directly.
  5. Increased security requirements across the vendor ecosystem.

We have found no evidence that any OpenAI system or customer data (outside Mixpanel’s analytics environment) was compromised.

Mixpanel security incident
What to Know About the Recent Mixpanel Security Incident? 4

What You Should Be Aware Of

Although the exposed data was limited, attackers could attempt:

  • Phishing attacks
  • Social engineering attempts
  • Spam targeting accounts associated with OpenAI API usage

To protect yourself, please keep the following in mind:

  • Be cautious of unexpected emails, links, or attachments.
  • Verify that messages claiming to be from OpenAI come from official domains.
  • OpenAI will never ask you for passwords, API keys, or verification codes via email, SMS, or chat.
  • Enable multi-factor authentication (MFA) on your account for extra security.

FAQ

Why did OpenAI use Mixpanel?

Mixpanel was used to analyze general usage patterns on platform.openai.com, helping us improve the API experience.

Was this caused by a vulnerability in OpenAI systems?

No. The incident occurred entirely within Mixpanel’s systems.

How will I know if I was affected?

OpenAI is notifying all impacted users and organizations through email.

Was any API data, prompt content, or ChatGPT data affected?

No. Your API requests, chat content, and usage data were not part of this incident.

Were ChatGPT accounts impacted?

No. This incident only affected some analytics data for API platform users.

Was sensitive information like passwords, API keys, or payments exposed?

No. None of these were affected.

Do I need to change my password or rotate my API keys?

This is not required since credentials were not impacted.

Has Mixpanel been removed from OpenAI products?

Yes. OpenAI has fully discontinued the use of Mixpanel.

Should I enable multi-factor authentication?

Absolutely — it is always recommended for stronger account security.

Will there be future updates?

Yes. If new information emerges that may affect impacted users, OpenAI will provide updates.

Who can I contact for questions?

You can reach our support team at mixpanelincident@openai.com.

OpenAI’s Commitment

Security, privacy, and trust remain at the core of everything we build. We will continue to strengthen our systems, hold partners to high standards, and communicate transparently whenever issues arise.

Thank you for your continued trust in OpenAI.

Leave a Comment

Your email address will not be published. Required fields are marked *