Technology
Third-party breach exposes ChatGPT account details
NEWYou can now listen to Fox News articles!
ChatGPT went from novelty to necessity in less than two years. It is now part of how you work, learn, write, code and search. OpenAI has said the service has roughly 800 million weekly active users, which puts it in the same weight class as the biggest consumer platforms in the world.
When a tool becomes that central to your daily life, you assume the people running it can keep your data safe. That trust took a hit recently after OpenAI confirmed that personal information linked to API accounts had been exposed in a breach involving one of its third-party partners.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
The breach highlights how even trusted analytics partners can expose sensitive account details. (Kurt “CyberGuy” Knutsson)
What you need to know about the ChatGPT breach
OpenAI’s notification email places the breach squarely on Mixpanel, a major analytics provider the company used on its API platform. The email stresses that OpenAI’s own systems were not breached. No chat histories, billing information, passwords or API keys were exposed. Instead, the stolen data came from Mixpanel’s environment and included names, email addresses, Organization IDs, coarse location and technical metadata from user browsers.
FAKE CHATGPT APPS ARE HIJACKING YOUR PHONE WITHOUT YOU KNOWING
That sounds harmless on the surface. The email calls this “limited” analytics data, but the label feels like PR cushioning more than anything else. For attackers, this kind of metadata is gold. A dataset that reveals who you are, where you work, what machine you use and how your account is structured gives threat actors everything they need to run targeted phishing and impersonation campaigns.
The biggest red flag is the exposure of Organization IDs. Anyone who builds on the OpenAI API knows how sensitive these identifiers are. They sit at the center of internal billing, usage limits, account hierarchy and support workflows. If an attacker quotes your Org ID during a fake billing alert or support request, it suddenly becomes very hard to dismiss the message as a scam.
OpenAI’s own reconstructed timeline raises bigger questions. Mixpanel first detected a smishing attack on November 8. Attackers accessed internal systems the next day and exported OpenAI’s data. That data was gone for more than two weeks before Mixpanel told OpenAI on November 25. Only then did OpenAI alert everyone. It is a long and worrying silent period, and it left API users exposed to targeted attacks without even knowing they were at risk. OpenAI says it cut Mixpanel off the next day.
The size of the risk and the policy problem behind it
The timing and the scale matter here. ChatGPT sits at the center of the generative AI boom. It does not just have consumer traffic. It has sensitive conversations from developers, employees, startups and enterprises. Even though the breach affected API accounts rather than consumer chat history, the exposure still highlights a wider issue. When a platform reaches almost a billion weekly users, any crack becomes a national-scale problem.
Regulators have been warning about this exact scenario. Vendor security is one of the weak links in modern tech policy. Data protection laws tend to focus on what a company does with the information you give them. They rarely provide strong guardrails around the entire chain of third-party services that process this data along the way. Mixpanel is not an obscure operator. It is a widely used analytics platform trusted by thousands of companies. Yet it still lost a dataset that should never have been accessible to an attacker.
Companies should treat analytics providers the same way they treat core infrastructure. If you cannot guarantee that your vendors follow the same security standards you do, you should not be collecting the data in the first place. For a platform as influential as ChatGPT, the responsibility is even higher. People do not fully understand how many invisible services sit behind a single AI query. They trust the brand they interact with, not the long list of partners behind it.
Attackers can use leaked metadata to craft convincing phishing emails that look legitimate. (Jaap Arriens/NurPhoto via Getty Images)
8 steps you can take to stay safer when using AI tools
If you rely on AI tools every day, it’s worth tightening your personal security before your data ends up floating around in someone else’s analytics dashboard. You cannot control how every vendor handles your information, but you can make it much harder for attackers to target you.
1) Use strong, unique passwords
Treat every AI account as if it holds something valuable because it does. Long, unique passwords stored in a reliable password manager reduce the fallout if one platform gets breached. This also protects you from credential stuffing, where attackers try the same password across multiple services.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
2) Turn on phishing-resistant 2FA
AI platforms have become prime targets, so they rely on stronger 2FA. Use an authenticator app or a hardware security key. SMS codes can be intercepted or redirected, which makes them unreliable during large-scale phishing campaigns.
3) Use strong antivirus software
Another important step you can take to protect yourself from phishing attacks is to install strong antivirus software on your devices. This can also alert you to phishing emails and ransomware scams, helping you keep your personal information and digital assets safe.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
PARENTS BLAME CHATGPT FOR SON’S SUICIDE, LAWSUIT ALLEGES OPENAI WEAKENED SAFEGUARDS TWICE BEFORE TEEN’S DEATH
4) Limit what personal or sensitive data you share
Think twice before pasting private conversations, company documents, medical notes or addresses into a chat window. Many AI tools store recent history for model improvements unless you opt out, and some route data through external vendors. Anything you paste could live on longer than you expect.
5) Use a data-removal service to shrink your online footprint
Attackers often combine leaked metadata with information they pull from people-search sites and old listings. A good data-removal service scans the web for exposed personal details and submits removal requests on your behalf. Some services even let you send custom links for takedowns. Cleaning up these traces makes targeted phishing and impersonation attacks much harder to pull off.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
6) Treat unexpected support messages with suspicion
Attackers know users panic when they hear about API limits, billing failures or account verification issues. If you get an email claiming to be from an AI provider, do not click the link. Open the site manually or use the official app to confirm whether the alert is real.
Events like this show why strengthening your personal security habits matters more than ever. (Kurt “CyberGuy” Knutsson)
7) Keep your devices and software updated
A lot of attacks succeed because devices run outdated operating systems or browsers. Regular updates close vulnerabilities that could be used to steal session tokens, capture keystrokes or hijack login flows. Updates are boring, but they prevent a surprising amount of trouble.
8) Delete accounts you no longer need
Old accounts sit around with old passwords and old data, and they become easy targets. If you’re not actively using a particular AI tool anymore, delete it from your account list and remove any saved information. It reduces your exposure and limits how many databases contain your details.
Kurt’s key takeaway
This breach may not have touched chat logs or payment details, but it shows how fragile the wider AI ecosystem can be. Your data is only as safe as the least secure partner in the chain. With ChatGPT now approaching a billion weekly users, that chain needs tighter rules, better oversight and fewer blind spots. If anything, this should be a reminder that the rush toward AI adoption needs stronger policy guardrails. Companies cannot hide behind transparent emails after the fact. They need to prove that the tools you rely on every day are secure at every layer, including the ones you never see.
Do you trust AI platforms with your personal information? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
Welcome to Regulator, a newsletter for Verge subscribers about the technology and the tech bros upending American politics and the Trump administration. If you’re not a subscriber yet, and you’re interested in Silicon Valley’s adventures in sausage-making, you should do so here! It’s Q1! Surely the corporate budget will allow for it.
Precisely one year ago, Steve Bannon, the powerful, populist MAGA podcaster, was thrilled at the sight of the Big Tech CEOs swarming around Donald Trump. In the days before his inauguration, the major players were visiting Mar-a-Lago, signing checks, even showing up to sit quietly behind him during his second inauguration. For years, Bannon told ABC’s Jonathan Karl in an interview, Big Tech had undermined Trump: Jeff Bezos’ Washington Post had reported on him critically, for instance, while Meta and Alphabet’s subsidiaries had purportedly silenced his online presence. Now, Bannon said, they were “supplicants” to Trump, who’d hired MAGA regulators ready to tear apart those companies at any given moment. “Most people in our movement look at this as President Trump broke the oligarchs,” he bragged.
Even smaller pivots from firm MAGA positions in favor of the tech industry, and the response from said base, are telling. Last November, Trump sparked outrage from the right by defending the existence of H1-B visas for high-skilled foreign tech workers, going so far as to say that US workers lacked “certain talents” that prevented Big Tech from hiring domestically. Although Trump ended up radically overhauling the immigration lottery system in a more nativist favor, the continued existence of the H1-B visa program itself sparked a massive rift within the MAGAsphere: how could Trump let in any foreign workers, much less imply that they were better than American workers? What sort of “America First” was that?
For decades, even as a businessman, Trump’s had one consistent organizational principle: people and factions must constantly fight each other for his attention and favor. It happened all the time during Trump’s first term, when New York financiers, the Republican establishment, the career officials, Trump’s children, and the proto-MAGA wing were all fighting each other inside the West Wing. But by the time Trump returned to the campaign trail in 2024, the New Yorkers were exhausted and went home, the Republican establishment had caved to Trump, and the career officials were all about to be purged. MAGA populism had won, and they believed, to paraphrase Trump, that they would win so much that they would become tired of winning. It’s not like the populists haven’t claimed territory in Trump’s second administration. The Department of Justice is conducting lawfare against Trump’s critics, the Department of Homeland Security has given ICE a broadly terrifying mandate, and the Department of Defense (sorry, War) kidnapped a foreign head of state for the LOLs.
But honestly, I would not have expected a year ago, as I watched the tech CEOs applaud Trump in the Rotunda, that these “supplicants” would eventually sway Trump to their ways. I’m not sure how the next year looks for internal drama coming out of the White House. I will say, however, that it is very, very telling that Bannon, who once bragged that there was a plan in place for Trump to run for an unconstitutional third term, is reportedly eyeing a presidential run himself.
Well, in the sense of the Senate being on a one-week recess, during which I will be following the drama of Coinbase derailing the CLARITY Act over interest rates, before the Senate Banking Committee reconvenes. To my great regret, I am not at Davos, where CEO Brian Armstrong is and where most of the negotiations seem to be happening. So if you are in some private Swiss meeting with other tech overlords and have some insight into whether there will be an actual market structure bill passed in the upcoming year, please email me at tina@theverge.com, or over Signal at tina_nguyen.19.
NEWYou can now listen to Fox News articles!
For the first time, Americans with depression will soon be able to use a prescription brain-stimulation device at home.
The approval comes from the U.S. Food and Drug Administration and marks a major shift in how mental health conditions may be treated. The newly approved device is called FL-100, and it comes from Flow Neuroscience.
It is designed for adults 18 and older with moderate to severe major depressive disorder. Clinicians can prescribe it as a stand-alone treatment or alongside antidepressants and therapy. This decision matters because depression affects more than 20 million adults in the U.S. Roughly one-third do not get enough relief from medication or stop taking it due to side effects.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
SIMPLE DAILY HABIT MAY HELP EASE DEPRESSION MORE THAN MEDICATION, RESEARCHERS SAY
Flow Neuroscience has gotten approval from the U.S. Food and Drug Administration for its FL-100 prescription brain-stimulation device. (Flow Neuroscience)
How the Flow FL-100 works
The FL-100 uses transcranial direct current stimulation, often shortened to tDCS. This technology delivers a gentle electrical current to the prefrontal cortex, a region of the brain tied to mood regulation and stress response. In many people with depression, activity in this area is reduced. By stimulating it, the device aims to restore healthier brain signaling over time. The system looks like a lightweight headset and pairs with a mobile app. Patients use it at home for about 30 minutes per day while clinicians monitor progress remotely.
The clinical results behind the approval
The FDA based its decision on a randomized controlled trial that evaluated home use under remote supervision. Participants who received active stimulation showed meaningful improvement on clinician-rated and self-reported depression scales. After 10 weeks of treatment, patients experienced an average symptom improvement of 58% compared to a control group. Many users reported noticeable changes within the first three weeks. The study was published in the journal Nature Medicine, adding credibility to the findings. Side effects were generally mild and short-term. Reported issues included skin irritation, redness, headaches, and brief stinging sensations at the electrode sites.
The FDA has approved the first prescription brain-stimulation device for at-home treatment of depression in the U.S., marking a major shift in mental healthcare. (hoto by ISSAM AHMED/AFP via Getty Images)
A growing shift toward tech-based mental health care
Flow’s device has already been used by more than 55,000 people across Europe, the U.K., Switzerland and Hong Kong. In the U.K., it is prescribed within parts of the public health system. Company leaders say the U.S. approval opens the door for broader access to non-drug treatment options. The momentum is not isolated. In 2025, researchers at UCLA Health developed another experimental brain-stimulation approach, signaling rapid growth in this field. Together, these advances suggest that at-home neuromodulation may soon become a standard part of depression care rather than a fringe option.
When will the device be available
Flow expects the FL-100 to be available to U.S. patients in the second quarter of 2026. A prescription will be required, and the companion app will be available on iOS and Android. The company also plans to explore additional uses for its platform, including sleep disorders, addiction, and traumatic brain injury.
10 HEALTH TECH PRODUCTS STEALING THE SPOTLIGHT AT CES 2026
Flow Neuroscience’s FL-100 headset delivers mild electrical stimulation to the brain and can be prescribed for home use under medical supervision. (Flow Neuroscience)
What to know before trying Flow
Flow is FDA approved for adults 18 and older with moderate to severe major depressive disorder, and it requires a prescription from a licensed healthcare provider. Doctors can recommend it on its own or alongside medication or therapy. The headset is non-invasive and designed for home use, but it is not meant for emergency situations or people considered treatment resistant. It also does not replace crisis care or immediate mental health support. Most users wear the headset for about 30 minutes per session. Mild tingling, warmth, skin irritation or headaches can happen, especially early on. These effects are usually short-lived and monitored by a clinician through the companion app.
Flow pairs with a mobile app that guides treatment and supports remote clinical oversight. Your provider sets the treatment plan, and the device follows prescribed settings to ensure safe use. Pricing and insurance coverage may vary once the device becomes available in the U.S. Some patients may access Flow through clinics, research programs, or as it becomes more widely adopted in routine depression care. The bottom line is simple. Flow adds another evidence-based option, not a cure and not a one-size-fits-all solution. For people who have struggled to find relief, having another clinically proven choice can matter a lot.
What this means to you
If you or someone you care about struggles with depression, this approval expands the range of real treatment options. It offers a non-drug path that can be used at home under medical guidance. For patients who have not responded well to medication or who experience unwanted side effects, this could provide another way forward. It also reflects a broader trend toward personalized, tech-enabled mental healthcare.
Take my quiz: How safe is your online security?
Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.
ELON MUSK SHARES PLAN TO MASS-PRODUCE BRAIN IMPLANTS FOR PARALYSIS, NEUROLOGICAL DISEASE
The newly approved device targets adults with moderate to severe depression and can be used alongside medication or therapy. (Photo by Sarah Silbiger/Getty Images)
Kurt’s key takeaways
This FDA approval feels like a real turning point. For years, brain stimulation for depression stayed locked inside clinics. Now it can happen at home with a doctor still guiding the process. That matters for people who have tried medications, dealt with side effects or felt stuck with limited options. This device will not be the right answer for everyone, but it gives patients and doctors one more proven tool to work with. And for many people living with depression, having another option could make all the difference.
If a doctor could prescribe a brain-stimulation headset instead of another pill, would you be open to trying it? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Christopher Klay, who previously developed the Stadia Enhanced browser extension, is one of many who saved a copy of the tool to a personal GitHub page. What’s more, they’re hosting a working copy of that Google website right here to make it even easier.
The Rip is Old-School Cop Drama Fun | Review
Top US Catholic cardinals question morality of American foreign policy
Video: Air Force One Turns Around With Trump Aboard
Sex is pleasurable. It should feel safe too. : It’s Been a Minute
One year in, Big Tech has out-maneuvered MAGA populists
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Video: Air Force One Turns Around With Trump Aboard
Gov Whitmer says America ‘ready for a woman president,’ contrasting Michelle Obama
Israel’s Netanyahu to join ‘board of peace’
Wall Street-backed landlords a target for both Trump and Democrats
Ilhan Omar accuses Noem of ‘lies and propaganda’ on Minnesota arrests
-
Sports3 days agoMiami’s Carson Beck turns heads with stunning admission about attending classes as college athlete
-
Detroit, MI6 days agoSchool Closings: List of closures across metro Detroit
-
Lifestyle6 days agoJulio Iglesias accused of sexual assault as Spanish prosecutors study the allegations
-
Education1 week agoVideo: Violence at a Minneapolis School Hours After ICE Shooting
-
Oklahoma1 week agoMissing 12-year-old Oklahoma boy found safe
-
Culture1 week agoTry This Quiz on Myths and Stories That Inspired Recent Books
-
Education1 week agoVideo: Lego Unveils New Smart Brick
-
Politics1 week agoSan Antonio ends its abortion travel fund after new state law, legal action