Analytics behemoth Mixpanel has come under growing scrutiny after admitting to a cybersecurity incident that affected some of its clients and divulged little in the way of details. The scant initial statement, delivered on the eve of a holiday weekend, provided no information about how far the incident spread, what kind of data was compromised, or what might have caused the breach — a void that was soon filled by agitated customers and security watchers. OpenAI, a Mixpanel customer, later reported that data had been grabbed from the systems of Mixpanel itself, including user-provided names, email addresses, an approximate location harvested from IP numbers, plus details about users’ devices like their operating system and browser version. The incident did not affect ChatGPT end users, OpenAI said, and the company has stopped using Mixpanel. What Mixpanel Has Said So Far About the Breach Details The chief executive of Mixpanel conceded that unauthorized access was discovered and the company moved to “remove” that access. The company did not specify the intrusion vector, how many tenants were compromised, dwell time, or if data was siphoned out at scale. That leaves some pretty big holes in the risk-assessment process of a platform that serves about 8,000 corporate customers. Key unknowns include what exactly was taken and how systems were targeted; whether tenant environments were segmented and shared infrastructure isolated customers from one another to prevent cross-cust

Data analytics company Mixpanel suffered a security breach in November 2025, exposing account information for some OpenAI API users. OpenAI has since terminated its relationship with Mixpanel and begun notifying affected customers. Mixpanel Smishing Attack: How the Breach Happened Mixpanel is a product analytics platform that helps enterprises track user behavior across websites, apps, and APIs. The company analyzes key metrics, including retention rates, conversion rates, feature usage, and user journeys. OpenAI used Mixpanel as a third-party web analytics provider to understand product usage and improve its API platform (platform.openai.com), which powers text generation, natural language processing, and computer vision. On November 8, 2025, Mixpanel detected a smishing campaign — a type of phishing attack conducted via SMS text messages designed to trick employees into revealing their login credentials. The following day, November 9, Mixpanel discovered that an attacker had gained unauthorized access to part of their systems and exported a dataset containing customer information. Mixpanel immediately launched its incident response process, which included: Securing affected accounts and revoking all active sessions and sign-ins Rotating compromised Mixpanel credentials for impacted accounts Blocking malicious IP addresses Registering indicators of compromise (IOCs) on its SIEM platform Performing global password resets for all Mixpanel employees Engaging a third-p

Mixpanel Data Breach Exposes OpenAI Clients' Details

Threat actors breached Mixpanel, a third-party analytics service used by OpenAI, exposing personally identifiable information (PII) of OpenAI’s customers. The compromised data includes names, email addresses, approximate coarse locations (e.g., city or region), device details (operating system and browser), browsing history (websites visited), and organization or user IDs linked to OpenAI’s API accounts. While the breach did not involve highly sensitive financial or health-related data, the exposure of such PII—particularly email addresses, locations, and API-associated identifiers—poses risks of targeted phishing, identity profiling, or unauthorized access to linked services. The incident highlights vulnerabilities in third-party dependencies and the cascading impact on clients like OpenAI, whose users’ trust and operational security may be undermined by the leak. No ransomware was involved, but the scale of exposed data could enable follow-on attacks or reputational harm.