Another day, another security breach. This time, it’s OpenAI’s turn.
OpenAI is notifying users about a new security incident. This breach is more serious than past ones, and some users’ email addresses, names, and general locations were exposed.
OpenAI says that ChatGPT users weren’t impacted by the recent security issue, and their chats, account information, payment details, and IDs are still secure. However, users who access OpenAI’s services through the platform’s API website *did* have some of their data exposed.
Here’s what OpenAI claims has been exposed:
- Names provided to accounts on platform.openai.com
- Email addresses linked to the API accounts via platform.openai.com
- “Coarse approximate location” determined by IP address and web browser
- OS and browser type, as well as referring websites
- Organizataions and user IDs saved into the API accounts
The email to affected users reads as follows.
As an analyst, I want to share details about a recent security incident involving Mixpanel, a data analytics provider we use for website tracking on our API platform (platform.openai.com). The issue happened within Mixpanel’s own systems, and only affected a small amount of analytics data connected to your API account. We believe in being upfront about these things, so we wanted to make you aware.
This incident did not involve any unauthorized access to OpenAI’s systems. No user information – including chats, API requests, account details, passwords, payment information, or government IDs – was accessed or revealed.
On November 9, 2025, Mixpanel discovered a security breach where someone gained unauthorized access to their systems and copied a limited amount of customer and analytics data. They informed OpenAI about the incident and shared the affected data with us on November 25, 2025.
OpenAI has temporarily disconnected from Mixpanel while they look into a security breach. They are advising users to be extra careful about phishing attempts and scams that might try to use the compromised information.
OpenAI controls vast swathes of very personal information on millions of people
OpenAI has faced criticism before regarding how it handles user privacy and safety. As more people share personal and sensitive information with tools like ChatGPT, security is becoming a major concern for companies like OpenAI and Microsoft.
As a researcher investigating this data breach, I can confirm that thankfully, no actual ChatGPT conversations or government-issued IDs used for age verification were exposed. However, the fact that this vulnerability even existed is concerning and doesn’t inspire much confidence in the company’s security measures.
Data breaches happen frequently now, and I try to protect myself by using different email addresses for each account. It’s a lot of work, though. Beyond just losing privacy, many people using ChatGPT likely wouldn’t want their conversations becoming public for various reasons.
It’s good that OpenAI quickly notified users about the data issue, just two days after it was discovered. However, preventing these kinds of incidents from happening in the first place would be the best outcome.
Remember to slap multi-factor authentication on all of your accounts, folks.
Read More
- Hazbin Hotel season 3 release date speculation and latest news
- Where Winds Meet: How To Defeat Shadow Puppeteer (Boss Guide)
- Dolly Parton Addresses Missing Hall of Fame Event Amid Health Concerns
- 10 Chilling British Horror Miniseries on Streaming That Will Keep You Up All Night
- 🤑 Crypto Chaos: UK & US Tango While Memes Mine Gold! 🕺💸
- Jelly Roll’s Wife Bunnie Xo Addresses His Affair Confession
- The Mound: Omen of Cthulhu is a 4-Player Co-Op Survival Horror Game Inspired by Lovecraft’s Works
- You Won’t Believe What Happens to MYX Finance’s Price – Shocking Insights! 😲
- 5 Perfect Movie Scenes That You Didn’t Realize Had No Music (& Were Better For It)
- World of Warcraft leads talk to us: Player Housing, Horde vs. Alliance, future classes and specs, player identity, the elusive ‘Xbox version,’ and more
2025-11-27 11:09