The specifics:
On November 9, Mixpanel's systems that offered online analytics on the front-end interface of OpenAI's API product were compromised.
Names, emails, locations (city/state), device characteristics, and other profile information related to the API offering were among the data that the attacker exported.
OpenAI verified that no chat, API data, login credentials, or payment information were compromised, and that users of ChatGPT and other products were unaffected.
In addition to removing Mixpanel and proactively informing impacted customers, it is advising caution against any phishing attempts that might use the compromised data.
Names, emails, locations (city/state), device characteristics, and other profile information related to the API offering were among the data that the attacker exported.
OpenAI verified that no chat, API data, login credentials, or payment information were compromised, and that users of ChatGPT and other products were unaffected.
In addition to removing Mixpanel and proactively informing impacted customers, it is advising caution against any phishing attempts that might use the compromised data.
This incident serves as a clear warning of the security threats that third-party partners can present, even though OpenAI's safeguards held. The immediate threat to impacted API users is not account compromise but rather social engineering, as hackers might utilize the compromised emails to cause more problems.