Another day, another security breach. This time, it’s OpenAI’s turn.
Today, users are waking up to discover emails from OpenAI’s security team, confirming more security issues at the company. This one is a bit more egregious than previous breaches, exposing emails, names, and approximate locations of an undisclosed number of users.
OpenAI claims that ChatGPT users were unaffected, with chat content, API usage, passwords, payment details, and government IDs remaining safe. However, users of OpenAI’s API interfaces at platform.openai.com have seen a variety of data exposed in this latest breach.
- Names provided to accounts on platform.openai.com
- Email addresses linked to the API accounts via platform.openai.com
- “Coarse approximate location” determined by IP address and web browser
- OS and browser type, as well as referring websites
- Organizataions and user IDs saved into the API accounts
The email to affected users reads as follows.
“Transparency is important to us, so we want to inform you about a recent security incident at Mixpanel, a data analytics provider that OpenAl used for web analytics on the frontend interface for our API product (platform.openai.com). The incident occurred within Mixpanel’s systems and involved limited analytics data related to your API account.
This was not a breach of OpenAl’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.
They are being transparent. With our data. Everybody gets it.