https://www.geeknetic.es/Noticia/36712/OpenAI-confirma-una-brecha-de-seguro-en-uno-de-sus-proveedores-estos-son-los-datos-filtrados-de-los-usuarios-de-su-API.html

https://www.geeknetic.es/Noticia/36712/OpenAI-confirma-una-brecha-de-seguro-en-uno-de-sus-proveedores-estos-son-los-datos-filtrados-de-los-usuarios-de-su-API.html

ByEthan Collins

OpenAI has issued a statement reporting a security incident that has compromised the information of certain users. The company has clarified that the intrusion did not occur in its own systems, but in those of Mixpanela third-party data analytics company that they used to manage usage metrics in their API web interface, hosted on platform.openai.com. The attack, which was detected by the provider on November 9, 2025, has resulted in the unauthorized extraction of records belonging to clients who use the technology development services.

It is crucial to note that ChatGPT users have not been affected for this event. According to the official report, the attackers did not manage to access critical information such as passwords, API keys, credit card data, identity documents or the content of conversations or prompts sent to artificial intelligence. However, the leak does include personal data such as names, email addressesuser and organization identifiers, as well as technical information about the browser, operating system and approximate location of those affected.

Immediate break with the supplier and alert against possible phishing campaigns

OpenAI’s response to the incident has been blunt. After receiving forensic details of the investigation on November 25, the company has decided terminate your use of Mixpanel and remove your tools from all your production services immediately. The security team is currently notifying impacted organizations and administrators directly. In parallel, they have initiated a comprehensive security review across their entire ecosystem of third-party suppliers to raise protection standards and prevent future vulnerabilities in the supply chain.

Although access credentials remain secure, exposure to emails associated with real names and user IDs increases the risk of social engineering attacks. OpenAI urges its users to exercise caution against suspicious emails or phishing attempts that appear to come from official sources. As an essential preventive measure, the company strongly recommends activating the two factor authentication on all accounts to mitigate any unauthorized access attempts resulting from this breach.

Ethan Collins
Ethan Collins

As a dedicated tech enthusiast and writer at IRC Junkie, I explore the latest innovations in software and hardware. With a background in computer science, I thrive on simplifying complex technological concepts for our readers. My goal is to inspire curiosity and understanding in the ever-evolving world of technology.