Full Report
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. [...]
Analysis Summary
# Incident Report: Third-Party Vendor Breach Affecting OpenAI API Customer Data
## Executive Summary
A cybersecurity incident originated within Mixpanel, OpenAI's third-party analytics provider, via a smishing campaign targeting Mixpanel employees. The breach exposed limited identifying information about some OpenAI ChatGPT API customers. OpenAI was notified on November 25th and immediately launched an investigation, confirming that no sensitive OpenAI systems, credentials, or transactional data were compromised. Response actions included removing Mixpanel from OpenAI's production services and directly notifying affected parties.
## Incident Details
- Discovery Date: November 25, 2025 (Date OpenAI was informed of the affected dataset)
- Incident Date: November 8, 2025 (Date Mixpanel detected the smishing campaign)
- Affected Organization: OpenAI (Impacted via third-party vendor, Mixpanel)
- Sector: Technology/Artificial Intelligence Services
- Geography: Not explicitly stated, but involves global API customers.
## Timeline of Events
### Initial Access
- Date/Time: November 8, 2025
- Vector: Smishing (SMS Phishing) targeting Mixpanel employees.
- Details: A smishing campaign successfully phished Mixpanel personnel, leading to unauthorized access to the analytics provider's systems.
### Lateral Movement
- Details: Attackers gained access to a limited dataset that OpenAI used for frontend analytics tracking. The source does not describe how far the attackers moved within Mixpanel's environment; the movement was at least sufficient to reach and exfiltrate the customer data segment belonging to OpenAI.
### Data Exfiltration/Impact
- Details: Limited analytics data related to some OpenAI API users was exposed. This included names, associated email addresses, approximate coarse location (city, state, country), operating system/browser information, referring websites, and Organization/User IDs.
### Detection & Response
- Date/Time: November 25, 2025 (OpenAI informed)
- Vector: Vendor notification (Mixpanel informed OpenAI).
- Details: OpenAI initiated an investigation upon being notified. As a precautionary measure, OpenAI removed Mixpanel from its production services. OpenAI began direct notification to affected customers and advised on potential phishing risks.
## Attack Methodology
- Initial Access: **Smishing (SMS Phishing)** against Mixpanel staff.
- Persistence: Not detailed, but likely maintained through compromised Mixpanel credentials obtained via phishing.
- Privilege Escalation: Not detailed.
- Defense Evasion: Not detailed, though the initial phishing was evidently successful.
- Credential Access: Employee credentials obtained through the smishing campaign were used to access Mixpanel backend services.
- Discovery: Assumed internal reconnaissance within Mixpanel's infrastructure to locate data relevant to OpenAI customers.
- Lateral Movement: Limited to accessing the specific analytics data stores utilized by OpenAI.
- Collection: Gathering of limited user metadata and session information from the analytics platform.
- Exfiltration: Data related to API users was stolen from Mixpanel's platform.
- Impact: Exposure of limited customer identifying information; potential for follow-on social engineering attacks.
## Impact Assessment
- Financial: Not explicitly stated.
- Data Breach: **Limited identifying information** of some **ChatGPT API customers**. Data not exposed: chat contents, API requests/usage data, passwords, credentials, API keys, payment details, and government IDs.
- Operational: Minor operational impact on OpenAI, primarily involving the removal of Mixpanel from production services and launching an investigation.
- Reputational: Negative publicity arising from a vendor-related data exposure.
## Indicators of Compromise
- Network indicators: Threat actor IP addresses were blocked by Mixpanel, but the addresses themselves are not provided in the source.
- File indicators: None provided.
- Behavioral indicators: Execution of a successful smishing campaign against vendor personnel.
## Response Actions
- **Containment (Mixpanel):** Secured affected accounts, revoked active sessions/sign-ins, rotated compromised credentials, and blocked threat actor IP addresses.
- **Containment (OpenAI):** Removal of Mixpanel from production services as a precautionary measure.
- **Eradication:** Removal of the threat actor's access is not explicitly detailed; Mixpanel did reset the compromised employee credentials.
- **Recovery:** N/A (No sensitive systems required recovery for OpenAI).
- **Notification:** Direct notification initiated by OpenAI to all affected subscribers/users.
## Lessons Learned
- Reliance on third-party vendors for critical data processing or analytics introduces inherent supply chain risk that must be anticipated.
- Anti-phishing education and MFA adoption (especially on employee accounts) are critical barriers, even for analytics platforms.
- The incident confirms that even "limited" metadata, when combined with other potential data leaks (like the reported impact on CoinTracker), can be leveraged for targeted social engineering.
## Recommendations
- Conduct rigorous third-party risk assessments focusing specifically on the data access and security posture of analytics and monitoring vendors.
- Mandate robust multi-factor authentication (MFA) on all employee and administrative accounts at vendors that handle customer-related data.
- Advise all API customers to remain vigilant against phishing attempts referencing this vendor breach, due to the exposure of their email and coarse location data.