OpenAI is alerting some ChatGPT API customers that limited personally identifiable information (PII) was exposed after its third-party analytics provider, Mixpanel, was breached. The compromise, stemming from a smishing campaign detected on 8 November, affected “limited analytics data related to some users of the API”, but did not compromise ChatGPT or other OpenAI products.[1]
While OpenAI confirmed that sensitive information such as credentials, API keys, requests, and usage data, payment and chat details, or government IDs remained secure, the exposed data may include usernames, email addresses, approximate user location, browser and operating system details, referring websites, and account or organization IDs.
OpenAI said users do not need to reset passwords or regenerate API keys. Some users have reported that CoinTracker, a cryptocurrency tracking platform, may also have been affected, with limited device metadata and transaction counts exposed.
OpenAI has begun an investigation, removed Mixpanel from production services, and is notifying affected users directly. The company warns that the leaked data could be used for phishing or social engineering attacks and advises users to verify any messages claiming to relate to the incident, enable MFA, and to never share account credentials via email, text, or chat.
Mixpanel, in turn, has responded to the incident by securing accounts, revoking active sessions, rotating compromised credentials, blocking the threat actor’s IPs, resetting employee passwords, and implementing new controls to prevent future incidents. The analytics firm also reached out to all impacted customers directly.
The incident highlights the risks posed by third-party service providers and the importance of awareness against phishing, even when no core systems or highly sensitive information are directly compromised.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-48-7/
Comments