A breach at one of OpenAI's third-party partners has resulted in the data leak of numerous users. The company stated that users using API products were affected.

ChatGPT hack leaks data of many users

OpenAI, the company behind ChatGPT, has reported that personal data belonging to some of its API product users has been leaked. This data leak occurred due to a glitch in the company's third-party data analytics provider, Mixpanel. Earlier this month, an attacker breached Mixpanel's systems and exported the data. The company stated that OpenAI's systems and ChatGPT users were not affected by this data leak, but rather users of the company's API products.

What data was leaked?

OpenAI stated that this data breach exposed profile-level details of API accounts. These details include account names, associated email addresses, locations including city, state, and country, operating system and browser information, referring websites and organizations, and user IDs. The company claims that no sensitive or authentication-related user information was leaked.

What action is the company taking now?

OpenAI stated that it became aware of the data leak on November 25th. Following this, it has completely removed Mixpanel from its production systems and is auditing its vendor ecosystem. It will also tighten security requirements for all its third-party partners to prevent similar incidents in the future. The company has also begun notifying all companies, administrators, and users affected by the data leak.

This warning is for affected users.

OpenAI has warned affected users that the leaked data could be used for phishing and other cyberattacks. The company has urged all users to exercise extreme caution when receiving emails from OpenAI. Users should be wary of emails that contain suspicious links or request personal information. OpenAI stated that it never asks users for passwords, API keys, or verification codes.