OpenAI issues warning as users' names, addresses and locations are leaked in major breach

OpenAI has again been thrust into the spotlight for the wrong reasons, with the ChatGPT overlord confirming it's been subject to a malicious attack, with the sensitive data of its users being dished out like Halloween candy.

The recent boom in artificial intelligence has seen OpenAI soar to the top of the game, and while Elon Musk has launched his own sassy Grok in competition with his former baby, ChatGPT remains the king of the AIs.

Despite OpenAI stock leaping by some 153% in the past 12 months, it's also been a year that Sam Altman and the rest of the bigwigs have come under fire amid allegations that ChatGPT 'coached' a young teen to suicide, a board member resigned due to apparent Epstein connections, and the company had to pay up over copyright infringements.

The last thing OpenAI needs is the headache of a hack, but apparently, that's exactly what happened on November 9.

Users' personal data was leaked when unauthorized hackers gained access to a third-party data analytics provider called Mixpanel.

The stolen details included names, email addresses, location data, what operating system users were on, and the browser.

While OpenAI has reiterated that it was only those who had access to its API interfaces that have been affected, that doesn't make the severity of the attack any less serious.

In a blog post, the AI giant explained how it wasn't a breach of OpenAI’s systems, adding: "No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.”

As part of its security investigation, Mixpanel was removed from its production services. Even though there's no evidence that the data has currently been misused, OpenAI warns that it could be used in further phishing or social attacks.

Dammit! Just got a data breach notification from @OpenAI related to @mixpanel: pic.twitter.com/y8shHPTOPU

— Troy Hunt (@troyhunt) November 27, 2025

OpenAI continued: "We encourage you to remain vigilant for credible-looking phishing attempts or spam.

“The security and privacy of our products are paramount, and we remain resolute in protecting your information and communicating transparently when issues arise.”

With OpenAI being such a Goliath in the tech scene, this isn't the first time it has come under attack.

ChatGPT was memorably pulled offline when researchers discovered a March 2023 bug that allowed some users to see the details of others, including partial payment info and even chat metadata.

The same year, cybersecurity company Group-IB claimed that over 100,000 devices had been corrupted by malware that was stealing ChatGPT logins that included usernames and passwords.

Following the latest attack, OpenAI reminded us to stay vigilant, concluding that it would be "conducting additional and expanded security reviews” of its third-party apps and services, also promising that it would be “elevating security requirements for all partners and vendors.”