Hackers Target Mixpanel in New Breach, Prompting OpenAI to Warn Developers of Phishing Risks

OpenAI is urging developers to be vigilant following a security breach at Mixpanel, the analytics provider used to monitor activity on its developer platform. While OpenAI confirmed that its own systems remain secure and that ChatGPT users were not affected, the company acknowledged that stolen data may put some API users at greater risk of phishing attempts.

According to OpenAI, hackers accessed “limited analytics data” stored by Mixpanel, including names, email addresses and approximate locations of some developers using OpenAI’s API services. No passwords, payment information, chat history or API request content were compromised. Even so, the company warned that this type of personal information could be used to craft convincing fraudulent emails, a concern echoed by cybersecurity experts.

Jake Moore, a global cybersecurity advisor at ESET, noted that the stolen data is relatively low in sensitivity but could still be valuable to attackers if used to impersonate OpenAI or related services. OpenAI advised developers to be cautious of any unexpected emails or messages and to avoid clicking links or sharing credentials unless they can independently verify the sender.

Mixpanel, based in San Francisco and used by more than 11,000 companies worldwide, said the breach originated from a smishing attack detected on November 8. Smishing, a form of phishing conducted via SMS or messaging apps, is increasingly used by hackers to trick employees into revealing authentication credentials or downloading malware. The company’s CEO, Jen Taylor, said Mixpanel has contacted all affected customers and is cooperating with law enforcement.

The number of people impacted by the breach has not been disclosed. While the incident does not involve OpenAI’s internal infrastructure, it underscores how external partners can become attack vectors for high-profile organisations. OpenAI’s extraordinary growth and prominence in the artificial intelligence sector have made it an attractive target for cybercriminals.

This latest incident comes amid heightened scrutiny of OpenAI’s security posture. Last year, a hacker reportedly breached the company’s internal messaging systems and stole information related to advanced AI development. In mid-2024, a former researcher claimed he was fired after raising internal concerns about vulnerabilities and the risk of foreign espionage.

The Mixpanel breach serves as another reminder that as AI companies grow, so too does their exposure to sophisticated cyber threats. For now, OpenAI maintains that the impact on developers is limited, but it is urging its community to stay alert as investigations continue.

Photo Credit: DepositPhotos.com