OpenAI Confirms User Data Compromised in Third-Party Security Breach
Artificial intelligence company OpenAI has publicly confirmed that a security breach compromised the personal information of certain ChatGPT users. The incident occurred on 9 November 2025, with the company revealing details about the unauthorized access to user data.
What Data Was Exposed in the Breach?
The security incident did not directly target OpenAI's own systems but instead involved unauthorized access to Mixpanel, a third-party data analytics provider used by the company. According to OpenAI's statement, the stolen information includes users' names, email addresses, location data, operating system details, and browser information.
Importantly, the breach only affected users with API interface accounts, meaning regular ChatGPT users were not impacted. The company has emphasized that no chat content, passwords, payment details, or API keys were compromised during this incident.
OpenAI's Response and Security Enhancements
OpenAI has taken immediate action following the discovery of the breach. The company has removed Mixpanel from its services and launched a full investigation into the incident. Currently, there is no evidence that the stolen data has been misused.
Looking forward, OpenAI has committed to enhancing its security protocols, specifically planning to strengthen security reviews for all third-party partners and vendors. This move aims to prevent similar incidents occurring through external service providers in the future.
The company continues to monitor the situation and has assured users that they will provide updates if any new information emerges about the ChatGPT data breach or potential misuse of the exposed information.
