The title here is misleading. The original article does not state breach and at no point have Mixpanel used that term.

It was SMS Phishing, a.k.a. Social Engineering.

It anything, it’s opposite of breach.

Email from OpenAI: Transparency is important to us, so we want to inform you about a recent security incident at Mixpanel, a data analytics provider that OpenAI used for web analytics on the frontend interface for our API product (platform.openai.com). The incident occurred within Mixpanel’s systems and involved limited analytics data related to your API account.

This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.

What happened On November 9, 2025, Mixpanel became aware of an attacker that gained unauthorized access to part of their systems and exported a dataset containing limited customer identifiable information and analytics information. Mixpanel notified OpenAI that they were investigating, and on November 25, 2025, they shared the affected dataset with us.

What this means for you User profile information associated with use of platform.openai.com may have been included in data exported from Mixpanel. The information that may have been affected was limited to: Name that was provided to us on the API account Email address associated with the API account Approximate coarse location based on API user browser (city, state, country) Operating system and browser used to access the API account Referring websites Organization or User IDs associated with the API account

It's a suspicious post, why would you make a post if attackers are performing a sms phishing, that happens all the time.

Does that mean Mixpanel stock/valuation goes up because OpenAI uses them? That's how it works now is it?

So did an Mixpanel employee get phished or were Mixpanel customer accounts targeted, thus an OpenAI employee fell for it?

I don't understand. I was assured that ChatGPT is AGI by Sam Altman. Why are security breaches still happening? Surely with several hundred billion dollars investment and access to AGI, they could use ChatGPT agents to create their own product analytics platform that is robust and resilient against such a trivial attack rather than selling off users' personal data to a third party.

Considering they were aware of this on the 8th (who knows how long that was after it actually happened) it's a little disappointing that they'd wait until the day of such a major holiday to post about it. Unsurprising sure, but still disappointing.

I'm extremely confused by Mixpanel announcement, according to their blog post if you received an email from them it implies you were affected, yet I closed my account with them few months ago and I still received their email, which I can't understand if my account was impacted or no

> As a valued customer, we wanted to inform you about a recent security incident that affected a limited number of Mixpanel user accounts. We have proactively communicated with all impacted customers. If we did not previously contact you, your Mixpanel accounts were not impacted. We continue to prioritize security as a core tenant of our company, products and services. We are committed to supporting our customers and communicating transparently about this incident.