OpenAI API user data exposed in Mixpanel hack

OpenAI had some of its Group PBC users' information stolen following an attack against data analytics firm Mixpanel earlier last month, SiliconANGLE reports. Infiltration of Mixpanel's internal systems through an SMS phishing message enabled the exfiltration of OpenAI API users' names, locations, and email addresses, as well as technical details related to API access. OpenAI, which already ditched Mixpanel as its analytics provider, emphasized that neither prompts delivered to APIs nor customer payment information had been compromised but warned of potential phishing intrusions leveraging the stolen data. While the extent of the breach remains unclear, Mixpanel has already secured impacted accounts, blocked malicious IP addresses, and conducted employee password resets. Such a development exhibits how accidental data leaks could stem from inadequate validation of trusted analytics tools, according to APIContext CEO Mayur Upadhyaya. "In a machine-first world, you can't fix what you can't see. Observability must extend across every API, webhook, and third-party integration," said Upadhyaya.