ChaTGPT 'hacked', many users' names and email addresses leaked; company issues warning

Due to a breach at a third-party OpenAI partner, data belonging to numerous users has been leaked. The company stated that users using its API products have been affected.

OpenAI, the company behind ChatGPT, has reported that personal data belonging to some of its API product users has been leaked. This data leak occurred due to a glitch in the company's third-party data analytics provider, Mixpanel. Earlier this month, an attacker breached Mixpanel's system and exported the data. The company stated that OpenAI's systems and ChatGPT users were not affected by this data breach, but only users using the company's API products.

What data was leaked?

OpenAI stated that profile-level details of API accounts were leaked in this data breach. This information includes the account name, associated email address, location information including city, state, and country, operating system and browser information, referring websites and organizations, and user IDs. The company claims that no sensitive or authentication-related user information was leaked.

What action is the company taking now?

OpenAI stated that it became aware of the data leak on November 25th. Following this, it has completely removed Mixpanel from its production systems and is auditing its vendor ecosystem. It will also tighten security requirements for all its third-party partners to prevent similar incidents in the future. The company has also begun informing all companies, administrators, and users affected by the data leak.

This Warning for Affected Users

OpenAI has warned affected users that the leaked data could be used for phishing and other cyberattacks. The company has urged all users to exercise extreme caution when receiving emails from OpenAI. Users should be wary of emails containing suspicious links or requesting personal information. OpenAI stated that it never asks users for passwords, API keys, or verification codes.