Hackers breached an OpenAI vendor(yeni pencere) and stole sensitive information about business customers on November 26, 2025, including names, emails, locations, and technical details about the customers’ systems.
If you use ChatGPT for everyday tasks, like writing, brainstorming, or asking questions, OpenAI says your chats were not part of this breach. Still, the incident raises concerns — especially for businesses and developers who rely on OpenAI’s API services — about how third-party tools can expose user data, even when the core service isn’t directly affected.
Here’s what happened and what’s at risk.
What was exposed in the OpenAI data breach
On November 9, Mixpanel discovered that attackers gained unauthorized access to a dataset that included user-identifying and analytics information:
- Names and email addresses associated with API accounts
- Approximate location based on the API user browser, such as city, state, and country
- Browser and operating system details
- Referring websites
- Organization or User IDs associated with API accounts
OpenAI has suspended its relationship with Mixpanel and initiated broader security reviews across its vendor ecosystem. At the same time, the maker of ChatGPT clarified that its core systems were not breached, so no chat data, API content, passwords, API keys, payment information, or sensitive credentials were compromised.
How to protect your data
Despite this reassurance, even limited metadata can be dangerous in the wrong hands. Information like your name, email address, and location can be enough to launch phishing campaigns or social engineering attacks that trick you into giving away access to more sensitive accounts.
If you were affected (OpenAI says all impacted users were notified), you should treat this like any other breach involving personal information: Act quickly to protect your online identity.
Here are some steps you can take right now:
- Change your passwords, especially if you reused the same password on other sites.
- Turn on two-factor authentication (2FA) on all your accounts to add an extra layer of security.
- Be cautious with unexpected emails or messages, especially those that claim to be associated with OpenAI or which ask you to click a link or reset a password.
- Use Dark web monitoring to check if your personal data has been leaked or sold online.
Switch to a private AI that doesn’t expose your data
AI tools like ChatGPT are not built with your privacy in mind. If you or your organization uses ChatGPT, your personal or business data are at risk. Your sensitive information, prompts, metadata, and usage patterns can be stored, analyzed, or shared with third parties you’ve never heard of and may have no reason to trust — like in OpenAI’s case.
This is why Proton’s private AI assistant(yeni pencere), Lumo, offers a fundamentally safer alternative for everyday professional and personal workflows, especially when sensitive information is involved.
You can use Lumo to:
- Write, summarize, and analyze sensitive documents
- Handle internal business information or strategy
- Brainstorm and research
- Get AI assistance for personal use
Unlike Big Tech AI tools like ChatGPT, Gemini, or Copilot, Lumo is designed to keep you safe, meaning:
- Your conversations are never used to train AI models.
- No data is retained beyond the basic account information needed to operate the service.
- Your activity is not tracked, monetized, or shared with anyone.
- Sensitive conversations stay private by design.
Proton protects your privacy
The more companies rely on third-party tools and affiliate partnerships, the more opportunities there are for your data to leak. While Big Tech uses your personal data to train AI models, optimize their algorithms, and drive advertising revenue, we take a different approach.
At Proton, we don’t share your data with third parties, sell it, use affiliate networks, or show ads. When you join our end-to-end encrypted ecosystem, you stay in control of your information — whether it’s your email, calendar, passwords, cloud files, online activity, or AI conversations(yeni pencere).
