Mixpanel, a data analytics provider for OpenAI, has suffered a breach

OpenAI has revealed that one of its data analytics providers has been breached. Mixpanel fell victim to a smishing campaign.

Smishing, aka SMS phishing, refers to an attack where deceptive text messages are sent to individuals to trick them into clicking on malicious links or entering sensitive information.

OpenAI has confirmed that none of its systems were compromised by this attack. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed. That's important to disclose because this isn't a direct ChatGPT breach like some outlets have been reporting. That's misleading; this appears to be a limited data breach.

Well, at least it wasn't as bad as the Discord customer service data breach where thousands of government-ID photos were leaked.

Anyway, Mixpanel's own disclosure about the security incident can be found here. The analytics firm says it detected a smishing campaign on its network on November 8, 2025, and responded to it by taking steps to contain the leak, and removing unauthorized access to user data. The company has sent out emails to customers impacted by the breach.

Mixpanel didn't really reveal the impact of the incident, but OpenAI did. According to OpenAI, the leak included user profile information from https://ift.tt/4zy8Y6R that was exported from Mixpanel. The domain in question is meant for developers and contains support documentation, tutorials, API-related stuff, etc. It's not something a regular ChatGPT user may have accessed.

The following was accessed by the threat actors:

  • Name that was provided to us on the API account
  • Email address associated with the API account
  • Approximate coarse location based on API user browser (city, state, country)
  • Operating system and browser used to access the API account
  • Referring websites
  • Organization or User IDs associated with the API account

Okay, this raises some serious questions. That's more than just telemetry. Why would an analytics provider have access to so much user information? Why wasn't the data anonymized? OpenAI has to share some of the blame for allowing this.
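To make the anonymization question concrete, here is an added example (not code from OpenAI, Mixpanel, or the original post) of reducing an event to what analytics actually needs before it is handed to a third-party provider. The field names, the key, and the sample event are assumptions constructed for illustration, and the keyed hash gives pseudonymization rather than full anonymization.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: secret held only by the first party; placeholder value for the demo.
PSEUDONYM_KEY = b"constructed-demo-key"

PASS_THROUGH = {"event", "timestamp"}   # allowlist: forwarded unchanged
PSEUDONYMISE = {"user_id", "org_id"}    # replaced by a keyed pseudonym
# Anything not handled in minimise() (name, email, unknown fields) is dropped.


def pseudonym(value, key=PSEUDONYM_KEY):
    """Keyed HMAC-SHA256, truncated. Unlike a bare hash, it cannot be
    recomputed from a guessed ID without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def minimise(event):
    """Return the reduced copy of `event` that may leave for the vendor."""
    out = {}
    for field, value in event.items():
        if field in PASS_THROUGH:
            out[field] = value
        elif field in PSEUDONYMISE:
            out[field] = pseudonym(value)
        elif field == "location":
            out["country"] = value.get("country")            # drop city and state
        elif field == "referrer":
            out["referrer_host"] = urlsplit(value).hostname  # drop path and query
        elif field in ("os", "browser"):
            out[field] = (value.split() or [None])[0]        # family, no version
    return out


# Constructed sample event using the kinds of fields listed in the article.
SAMPLE_EVENT = {
    "event": "docs_page_view",
    "name": "Alex Example",
    "email": "alex@example.com",
    "location": {"city": "Springfield", "state": "IL", "country": "US"},
    "os": "Windows 11",
    "browser": "Firefox 145.0",
    "referrer": "https://search.example/results?q=api+key+rotation",
    "user_id": "user-1234",
    "org_id": "org-5678",
    "debug_note": "free text that was never reviewed",
}

if __name__ == "__main__":
    for k, v in minimise(SAMPLE_EVENT).items():
        print(f"{k}: {v}")
```

With this in place, a leak at the vendor exposes a country, a referring host, browser and OS families, and pseudonyms that cannot be mapped back to accounts without the first party's key.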

Mixpanel had notified OpenAI about the incident, but only shared the affected dataset with the company on November 25, 2025. OpenAI, for its part, removed Mixpanel from its production services, reviewed the affected datasets, and is working with Mixpanel and others to investigate the scope of the incident. It is also notifying impacted users, organizations, etc.

OpenAI says it has terminated its use of Mixpanel. It is advising users to enable multi-factor authentication for their accounts, and to watch out for unexpected emails and messages that may claim to originate from OpenAI requesting passwords, API keys, verification codes, etc.

On a side note, ChatGPT and Copilot are exiting WhatsApp due to a change in Meta's policy.

Thank you for being a Ghacks reader. The post Mixpanel, a data analytics provider for OpenAI has suffered a breach appeared first on gHacks Technology News.
