OpenAI has disclosed a potential data exposure affecting its API platform users, stemming from a security incident at its third-party analytics vendor, Mixpanel.

In a blog post, OpenAI explained that a hacker breached Mixpanel’s systems and exported a dataset, which included identifiable information such as user and organization IDs.

The AI company stated that the breach occurred on November 9, 2025. “Mixpanel notified OpenAI that they were investigating, and on November 25, 2025, they shared the affected dataset with us,” the ChatGPT-maker said.

OpenAI however, reiterated that the attack did not breach its own infrastructure.

The compromise was confined to the third-party Mixpanel system, from which the hackers exported a comprehensive set of API user account information.

This dataset included personally identifiable and technical details such as user names, email addresses, associated organization IDs, browser and operating system specifics, coarse geographic location, and referring website URLs.

OpenAI’s paid API is primarily used by developers to integrate its AI models into their own applications.

The company had enlisted the analytics firm Mixpanel to track usage data from this platform to help guide product improvements.

According to OpenAI, the breach did not impact front-end users of ChatGPT.

The company also confirmed that sensitive data, including chat histories, API requests, passwords, payment details, and government IDs, remained secure and were not exposed.

“Additionally, we have confirmed that session tokens, authentication tokens, and other sensitive parameters for OpenAI services were not impacted,” OpenAI said.