If you receive a notification from ChatGPT provider OpenAI that one of its partners has suffered a data breach, it’s likely that your own data is safe. Only those who have an API account may have been affected
The company says it is being transparent by notifying all subscribers, even though only a small subset of them will have been impacted …
The company shared the information on its website.
Transparency is important to us, so we want to inform you about a recent security incident at Mixpanel, a data analytics provider OpenAI used for web analytics on the frontend interface for our API product (platform.openai.com).
Bleeping Computer reports that OpenAI is notifying all users despite the fact that most will not be impacted.
OpenAI has started an investigation to determine the full scope of the incident. As a precaution, it has removed Mixpanel from its production services and is notifying organizations, administrators, and individual users directly. While OpenAI underlines that only users of its API are impacted, it notified all its subscribers.
The company stresses that its own systems were not accessed and that no ordinary user data was exposed.
This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.
Even for API account holders, limited data was compromised.
User profile information associated with the use of platform.openai.com may have been included in data exported from Mixpanel. The information that may have been affected was limited to: Name that was provided to us on the API account Email address associated with the API account Approximate coarse location based on API user browser (city, state, country) Operating system and browser used to access the API account Referring websites Organization or User IDs associated with the API account
... continue reading