OpenAI disclosed on Thursday that analytics provider Mixpanel suffered a security breach that exposed limited user data associated with its API platform hosted at platform.openai.com. The company said the incident was confined to Mixpanel’s systems and did not affect OpenAI’s infrastructure.
In a statement, OpenAI emphasized that “trust, security, and privacy are foundational to our products,” adding that Mixpanel has been removed from all production systems as a precaution. The company has also begun notifying individuals whose data may have been impacted.
According to OpenAI, the breach was discovered on November 9 and involved the unauthorized export of analytics data from Mixpanel’s environment. The company clarified that the incident does not affect users of ChatGPT or any other OpenAI products outside of the API platform.
OpenAI said it is continuing to work with Mixpanel to understand the scope of the breach while reviewing its own vendor security processes.
