PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

OpenAI Data Breach Confirmed, But It's Unlikely to Impact You

The brand has begun notifying users about a data breach earlier in November for users of its API platform.

James Peckham
 & James Peckham Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: VCG/VCG via Getty Images)

OpenAI is the latest company to be involved in a data breach where customer information may have been compromised. If you use ChatGPT for personal use, it's unlikely your information has been stolen.

In emails to customers and a blog post on its website, OpenAI explains that an incident with a data analytics provider called Mixpanel saw the potential of some customer data being stolen by an attacker. It only impacts those who have accounts to access the brand's API interfaces.

Those with accounts for the API platform may have had details stolen, including their name, email address, approximate location, operating system, and the browser they use to access the website.

It also included information for "referring websites” and “organization or User IDs associated with the API account.” OpenAI says there was no other information was taken.

Mixpanel first learned of the attacker gaining access to its systems on Nov. 9, 2025, and shared a dataset with OpenAI on Nov. 25. OpenAI then began telling customers a day later.

Recommended by Our Editors

Google's Agentic AI Tool Gemini Spark Is Now Available. Here's How to Try It
Google's Agentic AI Tool Gemini Spark Is Now Available. Here's How to Try It
I Used ChatGPT to Build Complex Spreadsheets Fast. Here’s How You Can, Too
I Used ChatGPT to Build Complex Spreadsheets Fast. Here’s How You Can, Too
GitHub Copilot Costs Skyrocket As Users Are Pushed to Per-Token Billing
GitHub Copilot Costs Skyrocket As Users Are Pushed to Per-Token Billing

The brand says those with API accounts should be even more cautious with their information moving forward as it may mean they're prone to receiving phishing messages. It says to look out for rogue emails, and reaffirms that OpenAI won’t ever ask for your password, API keys or other verification codes on email or chat.

OpenAI says, “Trust, security, and privacy are foundational to our products, our organization, and our mission. We are committed to transparency, and are notifying all impacted customers and users.”

The brand said it has stopped working with Mixpanel in its services. It says it will also be “conducting additional and expanded security reviews across our vendor ecosystem and are elevating security requirements for all partners and vendors.”

If you were impacted by this incident, be sure to read PCMag's guide on what to do after a data breach.

Disclosure: Ziff Davis, PCMag's parent company, filed a lawsuit against OpenAI in April 2025, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.

About Our Expert

James Peckham

James Peckham

Reporter

I’ve been a journalist for over a decade after getting my start in tech reporting back in 2013. I joined PCMag in 2025, where I cover the latest developments across the tech sphere, writing about the gadgets and services you use every day. Be sure to send me any tips you think PCMag would be interested in.

I’ve worked at TechRadar, Android Police, T3, and more, where I broke many tech stories you may have read, including the return of the Motorola Razr when it first became a foldable phone. Based near London, I’ve appeared on BBC News, Al Jazeera, and other TV networks, podcasts, and radio shows as an expert on the latest tech stories and trends.

Read the latest from James Peckham

Read full bio