[Header image: Mixpanel | 700K users affected | User data | API keys | Response: 1. Change passwords, 2. Rotate keys]

Mixpanel breach December 2025: Were you affected? Here's what to do

Analytics giant Mixpanel disclosed a security incident on December 2, 2025 that affected some customers including OpenAI users. Here's what was exposed and how to protect your accounts.


On December 2, 2025, analytics provider Mixpanel disclosed a security incident that has left many users with questions. The timing—just hours before the US Thanksgiving holiday weekend—meant many people missed the announcement entirely.

Here's what we know, who's affected, and what you should do.

What happened

According to TechCrunch, Mixpanel CEO Jen Taylor announced that the company detected an "unspecified security incident" on November 8, 2025 that affected some customers.

The disclosure was notably vague:

  • No details on how many customers were affected
  • No specifics on how they were affected
  • No explanation of what data was accessed

What we do know: OpenAI was affected because it relies on Mixpanel's software for analytics.

Who's affected

The breach primarily impacts:

OpenAI users and developers

If you've used apps or websites that integrate OpenAI's products (ChatGPT API, etc.), your data may have been exposed through Mixpanel's analytics tracking. The stolen data reportedly included:

  • User names
  • Email addresses
  • Approximate locations (based on IP address)
  • Device identifiers

Mixpanel customers

Any company using Mixpanel's analytics platform could potentially be affected. The full scope hasn't been disclosed.

Why this matters

Mixpanel is one of the most widely used product analytics platforms. According to their website, they track billions of user actions across thousands of applications.

This means:

  • Data flows from countless apps through Mixpanel
  • A breach at Mixpanel exposes data from multiple sources
  • Your information could be in this breach even if you've never heard of Mixpanel

The connection to OpenAI is particularly notable because:

  • OpenAI's products are used by millions of developers
  • Many of those developers handle sensitive user data
  • The breach could expose information about what people are building with AI

What to do right now

Step 1: Check your OpenAI account

If you use OpenAI's API or developer tools:

  1. Log in to platform.openai.com
  2. Check your account security settings
  3. Review API key usage for any anomalies
  4. Rotate your API keys as a precaution

Step 2: Change related passwords

Consider changing passwords for:

  • OpenAI accounts
  • Any apps/services that integrate with OpenAI
  • Your primary email (since it may be exposed)

Step 3: Enable MFA

If you haven't already:

  • Enable multi-factor authentication on OpenAI
  • Add MFA to any connected accounts
  • Use authenticator apps over SMS when possible

Step 4: Monitor for phishing

With email addresses and names exposed, expect targeted phishing:

  • Be suspicious of emails claiming to be from OpenAI or Mixpanel
  • Don't click links asking you to "verify your account"
  • Go directly to official websites instead of following email links
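
The checks in Step 4 can be run mechanically over a saved message before anyone opens a link. The Python sketch below is an added example, not code from Dosel, OpenAI or Mixpanel; the domain allowlist, the brand keywords and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this example treats as official.
OFFICIAL = {"openai.com", "mixpanel.com"}
BRANDS = ("openai", "mixpanel", "chatgpt")
URL_RE = re.compile(r"https?://([^/\s<>:)]+)", re.I)
LURE_RE = re.compile(r"verify your account|confirm your (identity|password)", re.I)

# Constructed sample messages (not real mail).
PHISH = """From: OpenAI Security <alerts@openai-support.example>
Subject: Action required after Mixpanel incident
Authentication-Results: mx.example; spf=pass; dkim=none; dmarc=fail

Please verify your account: https://openai.com.login-check.example/reset
"""
LEGIT = """From: OpenAI <notices@openai.com>
Subject: Security notice
Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass

Details are at https://platform.openai.com/ after you sign in.
"""

def is_official(host):
    # Match the domain itself or a true subdomain, never a mere prefix.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def triage(raw):
    """Return the reasons a message looks like brand-impersonation phishing."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    parts = msg.walk() if msg.is_multipart() else [msg]
    body = "".join(str(p.get_payload()) for p in parts if p.get_content_maintype() == "text")
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    reasons, claims_brand = [], any(b in text for b in BRANDS)
    if claims_brand and not is_official(sender_domain):
        reasons.append(f"brand named but sender domain is {sender_domain}")
    if re.search(r"\b(spf|dkim|dmarc)=fail", msg.get("Authentication-Results", ""), re.I):
        reasons.append("SPF/DKIM/DMARC failure recorded by the receiving server")
    bad_hosts = sorted({h.lower() for h in URL_RE.findall(body) if not is_official(h)})
    if claims_brand and bad_hosts:
        reasons.append("links leave official domains: " + ", ".join(bad_hosts))
    if LURE_RE.search(body):
        reasons.append("asks the reader to verify or confirm credentials")
    return reasons
```

The suffix check in `is_official` is what catches hosts that merely begin with an official domain name. A message with no findings is not proven safe, so the advice to go directly to the official site still applies.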

The bigger picture

The Mixpanel breach highlights a growing problem: supply chain risk in analytics.

When you use an app, you're not just trusting that app with your data. You're trusting:

  • Their analytics provider (Mixpanel, Amplitude, etc.)
  • Their error tracking service (Sentry, Datadog, etc.)
  • Their advertising partners
  • Every third-party SDK they've integrated

A breach at any of these companies exposes your data—even if the app you're using has perfect security.

What Mixpanel should do

The company's vague disclosure has drawn criticism. Affected users deserve:

  1. Clear scope: How many users? Which customers?
  2. Specific data: Exactly what was accessed?
  3. Timeline: When did the breach occur? When did access stop?
  4. Remediation: What is Mixpanel doing to prevent future incidents?

Until these questions are answered, users should assume the worst and take protective action.

Password rotation after breaches

Here's the reality: most people know they should change passwords after a breach. Almost nobody does.

The process is tedious:

  • Navigate to each affected service
  • Find the password change option
  • Generate a new secure password
  • Update your password manager
  • Repeat for every potentially affected account

This is exactly the problem Dosel solves.

How Dosel helps

When breaches like Mixpanel happen, you need to rotate credentials quickly:

  1. Import your accounts from any password manager
  2. Select which passwords might be affected
  3. Let AI handle the clicking through each site's password change flow
  4. Export updated credentials back to your password manager

No passwords leave your machine. Zero-knowledge architecture means your credentials stay local.

Download Dosel and rotate your at-risk credentials before attackers can use them. The free tier handles 5 passwords per month—start with your most critical accounts.

Stay informed

We'll update this post as Mixpanel releases more information about the breach.

In the meantime:

Sources

Have questions about the Mixpanel breach or need help protecting your accounts? Reach out at hello@dosel.app.

