Skip to main content

PSA: OpenAI is notifying all users of a data breach, but you probably aren’t affected

Avatar for Ben Lovejoy  | Nov 27 2025 - 4:43 am PT
1 Comment
OpenAI is notifying all users of a data breach, but you probably aren't affected | IPhone app shown

If you receive a notification from ChatGPT provider OpenAI that one of its partners has suffered a data breach, it’s likely that your own data is safe. Only those who have an API account may have been affected

The company says it is being transparent by notifying all subscribers, even though only a small subset of them will have been impacted …

The company shared the information on its website.

Transparency is important to us, so we want to inform you about a recent security incident at Mixpanel, a data analytics provider OpenAI used for web analytics on the frontend interface for our API product (platform.openai.com⁠).

Bleeping Computer reports that OpenAI is notifying all users despite the fact that most will not be impacted.

OpenAI has started an investigation to determine the full scope of the incident. As a precaution, it has removed Mixpanel from its production services and is notifying organizations, administrators, and individual users directly.

While OpenAI underlines that only users of its API are impacted, it notified all its subscribers.

The company stresses that its own systems were not accessed and that no ordinary user data was exposed.

This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.

Even for API account holders, limited data was compromised.

User profile information associated with the use of platform.openai.com may have been included in data exported from Mixpanel. The information that may have been affected was limited to:

  • Name that was provided to us on the API account 
  • Email address associated with the API account
  • Approximate coarse location based on API user browser (city, state, country)
  • Operating system and browser used to access the API account
  • Referring websites
  • Organization or User IDs associated with the API account

Apple may have been included in the breach, but no customer data will have been exposed.

9to5Mac’s Take

If you’re not sure whether you could be affected by this, then you’re not: API account holders will know who they are. It is, however, heartening to see a company being so completely transparent about a data breach.

Highlighted accessories

Photo by Solen Feyissa on Unsplash

Add 9to5Mac as a preferred source on Google Add 9to5Mac as a preferred source on Google

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Guides

Privacy

Privacy

Privacy is a growing concern in today's world. F…
Security

Security
ChatGPT OpenAI

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear

Dell 49-inch curved monitor

Dell 49-inch curved monitor