OpenAI disclosed a Mixpanel analytics provider incident that exported limited API‑user analytics (names, emails, coarse locations, account IDs) and warned customers to expect targeted phishing. Separately, reporting confirmed an Asahi attack exposed about 1.5 million customers' personal data.

OpenAI confirmed that a security incident at third‑party analytics vendor Mixpanel resulted in the export of a dataset containing limited API‑user analytics information — including names, email addresses, coarse location and account identifiers — and cautioned affected users to remain vigilant for targeted phishing attempts. Importantly, OpenAI said ChatGPT content, API keys, passwords, payments and other sensitive credentials were not included in the exported data, but the presence of real names and organization IDs increases the credibility of subsequent social‑engineering lures. The disclosure arrives alongside reporting that a separate cyberattack on Asahi exposed personal data for roughly 1.5 million customers, illustrating how corporate breaches continually seed identity‑theft risks. Security experts recommend immediate steps: enable multifactor authentication, monitor accounts for suspicious login attempts, and treat any unexpected emails about accounts or payments as potential phishing. Organizations should also notify affected users with clear verification guidance and provide official reporting paths, while recipients of suspicious messages should independently visit vendor sites rather than clicking embedded links.