OpenAI, the creator of ChatGPT, has reported a data breach involving its third-party analytics provider, Mixpanel. The incident may have exposed some identifiable user information, including names and email addresses. However, the company clarified that personal users of ChatGPT are not affected. Only those with accounts accessing OpenAI’s API interfaces may have had their data compromised.

In a blog post, OpenAI stated, "This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed."

The breach was identified by Mixpanel on November 9, when an unauthorized individual accessed parts of their systems and exported a dataset containing limited customer and analytics information. Mixpanel provided the affected data set to OpenAI on Tuesday.

An OpenAI spokesperson confirmed that the company is notifying those potentially impacted by the breach. "We are proactively reaching out to organizations, admins, and users directly via email if they are impacted," the spokesperson said.

The leaked information may include the name associated with an API account, the email address linked to the account, approximate location data based on the user's browser, and details about the operating system and browser used to access the account. However, OpenAI emphasized that the content of customer chats, prompts, responses, and API usage data were not leaked. Additionally, no passwords, API keys, payment information, or government IDs were affected.

OpenAI noted that since passwords and API keys were not compromised, it is not recommending any resets or key rotations in response to this incident. However, the company cautioned users to be vigilant against potential phishing attempts or spam due to the exposure of names and email addresses.

OpenAI had been using Mixpanel for web analytics related to its API product. Following the breach, the company has removed Mixpanel from all its products. OpenAI is currently reviewing the affected datasets and collaborating with Mixpanel and other partners to understand the full scope of the incident. The company stated, "Beyond Mixpanel, we are conducting additional and expanded security reviews across our vendor ecosystem and are elevating security requirements for all partners and vendors."

In a separate matter, OpenAI is facing a copyright lawsuit from a coalition of Canadian news media companies, which alleges that the company unlawfully used news articles to train its generative AI software and is profiting from it. These allegations have not yet been proven in court.