What OpenAI’s Mixpanel data leak means for API users

OpenAI says customer data tied to API users was exposed after third-party analytics provider Mixpanel was compromised. The company says passwords, API keys, chat content, and ChatGPT users were not affected.


A third-party data leak affecting API user metadata modestly increases security and abuse risks, though the most sensitive data was reportedly not exposed.

OpenAI is dealing with a customer data leak connected to a compromise at third-party analytics provider Mixpanel. The exposed information belonged to API users and included personal and technical metadata, but OpenAI says more sensitive categories of data were not accessed.

The incident is a reminder that AI platforms do not only depend on their own systems. External analytics and service providers can also become part of the risk surface when customer metadata moves through them.

What was exposed

According to OpenAI, unauthorized parties exported records after Mixpanel was compromised. The exposed records included names, email addresses, and approximate location data.

The data also included information about operating systems and browsers. Organization and user IDs were part of the exposed records as well, along with referring websites.

That means the leak centered on identifying and contextual information rather than on the most sensitive account or product data. Even so, metadata matters. Names and email addresses let an attacker pick a target, and approximate location, browser and operating system details, and referring websites supply the context that makes a malicious message look like it came from a service the recipient actually uses.

The exposed categories named in the source are:

  • Names
  • Email addresses
  • Approximate location data
  • Operating systems
  • Browsers
  • Organization and user IDs
  • Referring websites

What OpenAI says was not accessed

OpenAI says critical information was not accessed during the breach. The company specifically named passwords, API keys, and chat content as data that was not reached.

That distinction is important for API users because API keys can provide access to services, and chat content can include user-submitted material. Based on OpenAI’s statement as described in the source, those categories were outside the compromised data.

OpenAI also confirmed that ChatGPT users are not affected. The source ties the exposed customer data to API users, not the consumer ChatGPT user base.

For affected organizations, the practical issue is therefore not a disclosed password or a leaked API key, according to the available information. The more immediate concern is that the exposed metadata can be used to craft phishing messages that reference real account details, organization and user IDs, locations, technical environments, or prior web activity.

How OpenAI responded

The incident took place on November 9, 2025. OpenAI says it stopped using Mixpanel immediately afterward.

OpenAI is notifying affected organizations directly. The company is also warning them to watch out for phishing attempts that could use the stolen metadata.

That warning follows logically from the type of data exposed. An email address alone can be used for phishing, but a message can become more persuasive if it also reflects a person’s organization, approximate location, browser, operating system, or a referring website. The source does not describe any specific phishing campaign, but it does say OpenAI is telling affected organizations to be alert to attempts that might exploit the stolen metadata.

OpenAI also plans to enforce stricter security requirements for external partners. The source does not list those requirements, but the direction is clear: the company is treating third-party vendor security as a larger part of its own customer protection responsibilities.

Why the Mixpanel link matters

The leak did not originate from OpenAI’s core systems as described in the source. It followed a hack at Mixpanel, a third-party analytics provider used by OpenAI.

That detail matters because analytics tools often process information that helps companies understand product usage, traffic sources, device environments, and customer activity. Even when such data does not include passwords, API keys, or chat content, it can still connect people, organizations, and technical context in useful ways.

For API users, the exposed data points are not equal in sensitivity, but they can become more powerful when combined. A name and email address identify a person. Organization and user IDs connect that person to a service context. Browser and operating system details can make a fake support or security message appear more tailored. Referring websites can hint at how someone reached a service or product environment.

The source does not say that all affected records contained every category of information. It says unauthorized parties exported records containing the listed types of data. The safest reading is that affected organizations should assume exposed metadata may be used in targeted outreach and should treat unexpected messages with caution.

What API customers should take from it

The most important point is the boundary OpenAI drew around the leak. The exposed data involved API user customer metadata. OpenAI says passwords, API keys, and chat content were not accessed, and ChatGPT users are not affected.

The second point is operational. OpenAI is contacting affected organizations directly, so organizations that receive a notification should pay close attention to the phishing risk the company describes. That caution extends to messages that themselves claim to be breach notifications: a lure built from this data can cite the recipient's real organization ID and environment, so any message that asks the recipient to re-enter a password or API key, or to follow a link to "verify" an account, should be treated as suspect regardless of how accurate its details appear.

The third point is broader. AI services depend on outside vendors for parts of their operations, including analytics. When one of those vendors is compromised, customer data can be exposed even if the primary service provider says critical internal information was not accessed.

OpenAI’s decision to stop using Mixpanel immediately and move toward stricter requirements for external partners shows how the company is framing the incident. The issue is not only the records already exported. It is also the need to reduce similar vendor-related exposure in the future.