OpenAI has announced a security incident involving its third-party analytics provider Mixpanel, which occurred within Mixpanel’s systems and did not compromise OpenAI’s core infrastructure. The breach, detected by Mixpanel on November 9, involved unauthorized access leading to the export of a dataset containing limited user information linked to OpenAI’s API platform, specifically on platform.openai.com. The affected data included user names, email addresses, approximate locations, operating systems, browsers, referring websites, and organization or user IDs. Importantly, no chat data, API requests, API usage, passwords, API keys, payment details, or government IDs were exposed. OpenAI responded swiftly by removing Mixpanel from its services, terminating its use of the platform, and initiating thorough security reviews. The company has notified impacted users and emphasizes that the breach did not affect ChatGPT or other core systems. Users are advised to remain vigilant against phishing attempts, enable multi-factor authentication, and verify communications. OpenAI continues to monitor for malicious activity and is conducting broader vendor security audits.