ChatGPT Hacked, Email Addresses And Names Of Users Exposed: Here's What You Should Do Right Now

OpenAI has issued a warning to its users regarding a security incident with some of its API products users that could have revealed the personal details of the users. The incident is not related to OpenAI's

system or ChatGPT users, but it happened with the Mixpanel environment, as confirmed by OpenAI in a blog post. This month, an attacker gained unauthorised access to Mixpanel's systems and exported a dataset. OpenAI was notified and received the affected data on November 25, 2025. The company repeated that all the data exposed in the event is linked to the accounts using API products. And the data only contained non-sensitive user profile information. The information included the name provided on the API account, email address associated with the API account, approximate location, operating system, and browser used, along with referring websites and organization or User IDs.

What OpenAI Did In Response?

OpenAI, following the event, has removed Mixpanel from its production services and is currently sending notifications to all the companies, admins, and users that have been impacted by the same. The company has focused on the fact that no sensitive information like API keys, passwords, government IDs, payment details, and more have been revealed through the leaks. OpenAI said, 'Trust, security, and privacy are foundational to our products, our organization, and our mission. We are committed to transparency and are notifying all impacted customers and users. We also hold our partners and vendors accountable for the highest bar for security and privacy of their services.Also Read: OpenAI Refutes The Blame On ChatGPT For 16-Year Old's Suicide, All Details HereAfter reviewing this incident, OpenAI has terminated its use of Mixpanel. Beyond Mixpanel, we are conducting additional and expanded security reviews across our vendor ecosystem and are elevating security requirements for all partners and vendors.'Affected users have been asked to be cautious of unexpected emails, messages, and especially those that come with links or attachments. Apart from that, the company has also asked the affected users to strengthen security by activating multi-factor authentication for their accounts.