"OpenAI has admitted a security breach at a third-party supplier exposed customer emails, location information, and "limited analytics data related to some users of the API". The supplier, Mixpanel, provides data analytics services via OpenAI's developer platform. OpenAI said the platform is used to help "understand product usage" and improve services for its API product, platform.openai.com. On 9 November, Mixpanel discovered an attacker gained unauthorized access to systems."
"They then exfiltrated a dataset containing "limited customer identifiable information and analytics information". A full outline of data exposed, per an OpenAI statement on the breach, includes: Names provided via Mixpanel API accounts Email addresses associated with the API account "Aproximate course location based on API user browsers" (including city, state, and country) Information on operating systems and browsers used to access the API account Referring websites associated with the API account"
"Upon discovery of the breach, OpenAI said it removed Mixpanel from production services and began a review of affected datasets. While the investigation is still ongoing, the company noted it has so far found "no evidence of any effect on systems or data outside Mixpanel's environment". The company has since terminated its use of the data analytics platform and said it will conduct a review of its broader supplier ecosystem."
OpenAI confirmed a security breach at third-party analytics supplier Mixpanel that exposed customer-identifiable and analytics information tied to its developer platform. The exposed data includes names, email addresses, approximate location inferred from user browsers (city, state, country), operating system and browser details, and referring websites. Mixpanel discovered unauthorized access on 9 November and reported that an attacker exfiltrated a dataset containing limited customer identifiable and analytics information. OpenAI removed Mixpanel from production, terminated use of the platform, began reviewing affected datasets, and started notifying impacted developers. No evidence so far indicates impact beyond Mixpanel's environment, and developer credentials and payment data were not exposed. A broader supplier review is underway.
Read at IT Pro
Unable to calculate read time
Collection
[
|
...
]