Hackers breached Mixpanel, a third-party analytics vendor used by OpenAI to track user behavior on its API platform, on November 26, 2025. The breach exposed data belonging to OpenAI API platform business customers including names, email addresses, geographic locations, and technical details about customer systems. Standard ChatGPT consumer app users were not affected. No chat content, API keys, passwords, credentials, payment details, or government IDs were compromised. OpenAI confirmed the incident was at the vendor level, not within OpenAI’s own systems. The incident highlighted that AI platform providers — holding sensitive data on enterprises integrating AI into products — are attractive targets for attackers seeking business intelligence.