ChatGPT users’ personal details exposed in data breach, OpenAI reveals

Details stolen include users’ names, email addresses, location data, operating system and the browser they use.

OpenAI said that only users with accounts to access the company’s API interfaces are impacted by the cyber attack.

“This was not a breach of OpenAI’s systems,” OpenAI said in a blog post.

“No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.”

The company said that it is conducting a security investigation and has removed Mixpanel from its production services.

No evidence has been found of the stolen data being misused, though OpenAI warned that hackers could use it as part of phishing or social engineering attacks.

“We encourage you to remain vigilant for credible-looking phishing attempts or spam,” the firm said.

“The security and privacy of our products are paramount, and we remain resolute in protecting your information and communicating transparently when issues arise.”

It is not the first security incident to impact ChatGPT users since OpenAI launched the AI chatbot in November 2022.

The company was forced to take ChatGPT offline in March 2023 after researchers discovered a bug that allowed some users to see the private details of other active users, including partial payment information and some chat metadata.

Later that year, cyber security firm Group-IB reported that more than 100,000 devices had been infected with malware that stole ChatGPT login credentials, including usernames and passwords.

The incident did not involve a breach of OpenAI’s servers or infrastructure.

Following the latest breach, OpenAI said it would be “conducting additional and expanded security reviews” of the third-party apps and services, as well as “elevating security requirements for all partners and vendors.”