What happened, in plain English
OpenAI has stopped using Mixpanel after the analytics vendor suffered a security incident that exposed limited profile and analytics data for some users of OpenAI’s API platform (platform.openai.com). OpenAI says its own systems weren’t breached, ChatGPT users were not affected, and no passwords, API keys, payment data, prompts, or chat content were exposed. The company also warned API developers to expect targeted phishing and social‑engineering attempts using exposed names and emails. OpenAI

The short timeline
- November 8–9, 2025: Mixpanel detects a smishing (SMS‑phishing) campaign and later confirms unauthorized access that allowed an attacker to export a dataset. Mixpanel dates initial detection to November 8; OpenAI says Mixpanel became aware of the attacker on November 9. Mixpanel, OpenAI
- November 25, 2025: Mixpanel shares the affected dataset with OpenAI. OpenAI
- November 26–27, 2025: OpenAI discloses the incident publicly, says it removed Mixpanel from production and has now terminated its use. Coverage follows globally. OpenAI, Business Insider, Euronews
What was—and wasn’t—exposed
OpenAI’s disclosure is specific: exposed fields came from Mixpanel’s web analytics on the API frontend, not from OpenAI’s infrastructure or API usage data. OpenAI
Scope of exposed vs. non‑exposed data
| Exposed (from Mixpanel analytics) | Not exposed (per OpenAI) |
|---|---|
| Name on the API account | Passwords, credentials, API keys |
| Email address | Payment details, government IDs |
| Approximate location (city/state/country) from browser | Chat content, prompts, responses, API requests/usage |
| Browser and operating system | Session/authentication tokens for OpenAI services |
| Referring websites | OpenAI infrastructure or ChatGPT user data |
| Organization/User IDs | |
OpenAI is notifying impacted orgs and users directly and, for now, isn’t recommending password resets or key rotation because credentials weren’t involved. OpenAI
Why this matters: analytics as supply‑chain risk
If you build with third‑party analytics, this is a timely reminder that “low‑sensitivity” metadata—names, emails, IDs, referrers—can still be weaponized in phishing and executive‑impersonation campaigns. Mixpanel says the intrusion began with smishing; the attacker then exported datasets from within its systems. Mixpanel
- Third‑party involvement in breaches has surged across industries.
- The human element remains a dominant factor in breaches.
- Phishing‑resistant MFA continues to be highly effective against account takeover attempts; Microsoft reports that MFA blocks more than 99% of identity‑based attacks. Microsoft Digital Defense Report 2025
Some security researchers also criticized the decision to send emails and coarse location to a third‑party analytics tool, arguing it may conflict with “data minimization” principles under regulations like GDPR. Euronews
Who else was affected?
Mixpanel serves thousands of companies. Several have acknowledged impact from the same vendor incident, including crypto‑focused services that collected similar profile analytics through Mixpanel. CoinLedger, Business Standard on CoinDCX
Phishing risk: what to watch for
OpenAI’s guidance focuses squarely on phishing and social engineering that may exploit exposed names and emails. OpenAI
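OpenAI's notice doesn't enumerate indicators, so here is an added example (not from OpenAI's or Mixpanel's guidance) of the checks a mail admin at an API org would typically run over a message that claims to come from a vendor: a lookalike sender domain, a vendor name in the display name that isn't backed by a trusted domain, a Reply-To that points somewhere else, links to untrusted hosts, and lures that ask for an API key or threaten suspension. The trusted-domain set, the brand strings, the lure phrases and both sample messages (including the sender addresses in them) are constructed assumptions for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this example: the org treats these as legitimate sender
# domains, and these brand strings should only appear backed by one of them.
TRUSTED_DOMAINS = {"openai.com", "mixpanel.com"}
BRANDS = ("openai", "mixpanel")
# Lures an attacker holding only your name and email is likely to lean on.
LURE_RE = re.compile(r"api key|verify your account|reset your password|suspend", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_trusted_host(host: str) -> bool:
    # Exact match or a subdomain of a trusted domain; "openai.com.evil.example" fails.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(raw_message: str) -> list:
    """Return human-readable findings for a message claiming to come from a vendor.
    An empty list means no heuristic fired, not that the message is genuine."""
    msg = message_from_string(raw_message)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_dom = domain_of(reply_addr)

    if not is_trusted_host(from_dom):
        if any(b in from_dom for b in BRANDS):
            findings.append(f"lookalike sender domain {from_dom!r}")
        if any(b in display.lower() for b in BRANDS):
            findings.append(f"display name {display!r} impersonates a vendor from {from_dom!r}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")

    body = msg.get_payload()  # single-part text message in these samples
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if host and not is_trusted_host(host):
            findings.append(f"link to untrusted host {host!r}")
    if LURE_RE.search(body):
        findings.append("body asks for credentials or uses account-suspension urgency")
    return findings


# Constructed samples for this example, not real messages.
PHISH_SAMPLE = """From: "OpenAI Platform Support" <support@openai-billing-alerts.com>
Reply-To: help@mail-verify.example
To: ada@example.com
Subject: Action required on your API account

Hi Ada,
We saw unusual activity on organization org_123. Verify your account and
re-enter your API key at https://openai-billing-alerts.com/verify within 24
hours or the account will be suspended.
"""

LEGIT_SAMPLE = """From: OpenAI <noreply@openai.com>
To: ada@example.com
Subject: Notice about a vendor security incident

Hi Ada,
This is a courtesy notice. No action is required on your part.
Details: https://platform.openai.com/
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, triage(sample) or ["no findings"])
```

These are heuristics for prioritising human review, not a verdict: a genuine notice that says "we are not asking you to reset your password" would trip the lure check, and a well-built phish can pass all of them. The durable control is procedural: act on account notices only by logging in at the platform URL you already have bookmarked, never through a link or phone number in the message.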

What API developers and org admins should do now
OpenAI isn’t asking for password resets or API key rotation at this time, but a few hygiene steps will reduce risk and increase resilience.
Tip: Data minimization pays dividends
Log only what you need. If an identity or referrer isn’t essential to a product question, don’t collect or send it to third parties. Consider server‑side, privacy‑centric analytics that avoid transmitting user emails at all.
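As an added example (not code from OpenAI, Mixpanel or any analytics SDK), here is a server-side minimization pass in Python that a backend can run on every analytics event before it is forwarded to a third-party vendor. It works as an allow-list: name, email and city are dropped by default, user and org IDs are replaced by a keyed hash so the vendor can still stitch a funnel together without learning the real identifiers, the referrer is cut down to its host, and an egress check refuses to forward anything that still looks like an email address. The sample event, the field names and the HMAC key are constructed assumptions; a real deployment would load the key from a secret store.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

# Constructed sample of the kind of event a browser-side analytics SDK is often
# configured to send: a real name, email, org ID and a referrer whose query
# string leaks an email address.
RAW_EVENT = {
    "event": "api_dashboard_viewed",
    "properties": {
        "name": "Ada Lovelace",        # constructed
        "email": "ada@example.com",    # constructed
        "org_id": "org_123",           # constructed
        "user_id": "user_456",         # constructed
        "referrer": "https://partner.example.net/signup?ref=ada@example.com",
        "browser": "Firefox",
        "os": "Linux",
        "city": "Dublin",
    },
}

# Allow-list: a property not named here never leaves the server, so a new
# frontend field cannot quietly start leaking to the vendor.
KEEP_FIELDS = {"browser", "os"}
PSEUDONYMIZE_FIELDS = {"user_id", "org_id"}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed hash: the vendor can correlate events for one user or org across
    sessions but cannot recover the real ID. The key never leaves our side."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:32]


def scrub_referrer(url: str) -> str:
    """Keep only the referring host; paths and query strings routinely carry
    tokens, invite codes or email addresses."""
    return (urlsplit(url).hostname or "").lower()


def minimize_event(event: dict, key: bytes) -> dict:
    """Rewrite an analytics event so nothing directly identifying leaves our boundary."""
    props = {}
    for name, value in event["properties"].items():
        if name in KEEP_FIELDS:
            props[name] = value
        elif name in PSEUDONYMIZE_FIELDS:
            props[name] = pseudonymize(str(value), key)
        elif name == "referrer":
            props[name] = scrub_referrer(value)
        # everything else (name, email, city, ...) is dropped
    return {"event": event["event"], "properties": props}


def leaks_email(event: dict) -> bool:
    """Egress check to run right before the vendor call: does any property
    value still look like an email address?"""
    return any(
        isinstance(v, str) and EMAIL_RE.search(v) is not None
        for v in event["properties"].values()
    )


if __name__ == "__main__":
    secret = b"server-side-hmac-key"  # assumption: from a secret store in practice
    safe = minimize_event(RAW_EVENT, secret)
    assert not leaks_email(safe), "refusing to forward: PII still present"
    print(safe)
```

The hash is keyed rather than a bare SHA-256 on purpose: email addresses and short numeric IDs are cheap to enumerate, so an unkeyed hash would be reversible by anyone who obtained the exported dataset. Rotating the key also gives you a clean way to sever old vendor data from new events.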
The vendor lens: what changes now for analytics in AI stacks
OpenAI says it removed Mixpanel from production and has terminated its use after reviewing the incident. It also plans expanded reviews and elevated security requirements across its vendor ecosystem. OpenAI
Mixpanel, for its part, outlined a fairly standard response: revoking sessions, rotating credentials, blocking malicious IPs, global employee password resets, and bringing in external forensics—consistent with smishing‑led intrusions that pivot to data export. Mixpanel
For AI builders, the takeaways are pragmatic:
- Classify analytics vendors as part of your security boundary, not outside it.
- Treat “metadata only” as sensitive when it can identify a person or org.
- Contract for rapid incident disclosure and for sharing of the affected data with you for forensics (Mixpanel shared the exported dataset with OpenAI on November 25), and test the playbook before you need it.
Sources
- OpenAI: What to know about a recent Mixpanel security incident (Nov 26, 2025)
- Mixpanel: Our response to a recent security incident (Nov 2025)
- Business Insider coverage
- Euronews report
- Business Standard on CoinDCX
- CoinLedger customer notice
- Verizon Data Breach Investigations Report 2025 (news releases)
- Microsoft Digital Defense Report 2025