Users receive ChatGPT data breach alerts | Here’s the truth

ChatGPT users worldwide have received security notifications from OpenAI, sparking concern about a potential data breach. However, the company has clarified that the incident has affected only a small subset of API users and that the majority of users remain completely safe.
The breach occurred at Mixpanel, a third-party analytics provider used by OpenAI to monitor activity on its API dashboard, and did not involve OpenAI’s core systems or the main ChatGPT product.
“The incident occurred within Mixpanel’s systems and involved limited analytics data related to some users of the API. Users of ChatGPT and other products were not impacted. This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed,” the company said in a release.
Who was affected?
OpenAI stated that on November 9, 2025, Mixpanel detected an attacker who had gained unauthorised access to part of their systems and exported a dataset containing a limited amount of customer-identifiable and analytics information.
The affected group is limited to users maintaining API accounts on platform.openai.com. Some profile-level data may have been included in Mixpanel’s exported logs. This data includes:
- Name that was provided on the API account
- Email address associated with the API account
- Approximate coarse location based on API user browser (city, state, country)
- Operating system and browser used to access the API account
- Referring websites
- Organisation or User IDs associated with the API account
OpenAI has already removed Mixpanel from all production systems and launched a full investigation. The company is also contacting organisations and administrators directly to clarify whether any of their team accounts are impacted.