Technology
Third-party breach exposes ChatGPT account details
NEWYou can now listen to Fox News articles!
ChatGPT went from novelty to necessity in less than two years. It is now part of how you work, learn, write, code and search. OpenAI has said the service has roughly 800 million weekly active users, which puts it in the same weight class as the biggest consumer platforms in the world.
When a tool becomes that central to your daily life, you assume the people running it can keep your data safe. That trust took a hit recently after OpenAI confirmed that personal information linked to API accounts had been exposed in a breach involving one of its third-party partners.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
The breach highlights how even trusted analytics partners can expose sensitive account details. (Kurt “CyberGuy” Knutsson)
What you need to know about the ChatGPT breach
OpenAI’s notification email places the breach squarely on Mixpanel, a major analytics provider the company used on its API platform. The email stresses that OpenAI’s own systems were not breached. No chat histories, billing information, passwords or API keys were exposed. Instead, the stolen data came from Mixpanel’s environment and included names, email addresses, Organization IDs, coarse location and technical metadata from user browsers.
FAKE CHATGPT APPS ARE HIJACKING YOUR PHONE WITHOUT YOU KNOWING
That sounds harmless on the surface. The email calls this “limited” analytics data, but the label feels like PR cushioning more than anything else. For attackers, this kind of metadata is gold. A dataset that reveals who you are, where you work, what machine you use and how your account is structured gives threat actors everything they need to run targeted phishing and impersonation campaigns.
The biggest red flag is the exposure of Organization IDs. Anyone who builds on the OpenAI API knows how sensitive these identifiers are. They sit at the center of internal billing, usage limits, account hierarchy and support workflows. If an attacker quotes your Org ID during a fake billing alert or support request, it suddenly becomes very hard to dismiss the message as a scam.
OpenAI’s own reconstructed timeline raises bigger questions. Mixpanel first detected a smishing attack on November 8. Attackers accessed internal systems the next day and exported OpenAI’s data. That data was gone for more than two weeks before Mixpanel told OpenAI on November 25. Only then did OpenAI alert everyone. It is a long and worrying silent period, and it left API users exposed to targeted attacks without even knowing they were at risk. OpenAI says it cut Mixpanel off the next day.
The size of the risk and the policy problem behind it
The timing and the scale matter here. ChatGPT sits at the center of the generative AI boom. It does not just have consumer traffic. It has sensitive conversations from developers, employees, startups and enterprises. Even though the breach affected API accounts rather than consumer chat history, the exposure still highlights a wider issue. When a platform reaches almost a billion weekly users, any crack becomes a national-scale problem.
Regulators have been warning about this exact scenario. Vendor security is one of the weak links in modern tech policy. Data protection laws tend to focus on what a company does with the information you give them. They rarely provide strong guardrails around the entire chain of third-party services that process this data along the way. Mixpanel is not an obscure operator. It is a widely used analytics platform trusted by thousands of companies. Yet it still lost a dataset that should never have been accessible to an attacker.
Companies should treat analytics providers the same way they treat core infrastructure. If you cannot guarantee that your vendors follow the same security standards you do, you should not be collecting the data in the first place. For a platform as influential as ChatGPT, the responsibility is even higher. People do not fully understand how many invisible services sit behind a single AI query. They trust the brand they interact with, not the long list of partners behind it.
Attackers can use leaked metadata to craft convincing phishing emails that look legitimate. (Jaap Arriens/NurPhoto via Getty Images)
8 steps you can take to stay safer when using AI tools
If you rely on AI tools every day, it’s worth tightening your personal security before your data ends up floating around in someone else’s analytics dashboard. You cannot control how every vendor handles your information, but you can make it much harder for attackers to target you.
1) Use strong, unique passwords
Treat every AI account as if it holds something valuable because it does. Long, unique passwords stored in a reliable password manager reduce the fallout if one platform gets breached. This also protects you from credential stuffing, where attackers try the same password across multiple services.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
2) Turn on phishing-resistant 2FA
AI platforms have become prime targets, so they rely on stronger 2FA. Use an authenticator app or a hardware security key. SMS codes can be intercepted or redirected, which makes them unreliable during large-scale phishing campaigns.
3) Use strong antivirus software
Another important step you can take to protect yourself from phishing attacks is to install strong antivirus software on your devices. This can also alert you to phishing emails and ransomware scams, helping you keep your personal information and digital assets safe.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
PARENTS BLAME CHATGPT FOR SON’S SUICIDE, LAWSUIT ALLEGES OPENAI WEAKENED SAFEGUARDS TWICE BEFORE TEEN’S DEATH
4) Limit what personal or sensitive data you share
Think twice before pasting private conversations, company documents, medical notes or addresses into a chat window. Many AI tools store recent history for model improvements unless you opt out, and some route data through external vendors. Anything you paste could live on longer than you expect.
5) Use a data-removal service to shrink your online footprint
Attackers often combine leaked metadata with information they pull from people-search sites and old listings. A good data-removal service scans the web for exposed personal details and submits removal requests on your behalf. Some services even let you send custom links for takedowns. Cleaning up these traces makes targeted phishing and impersonation attacks much harder to pull off.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
6) Treat unexpected support messages with suspicion
Attackers know users panic when they hear about API limits, billing failures or account verification issues. If you get an email claiming to be from an AI provider, do not click the link. Open the site manually or use the official app to confirm whether the alert is real.
Events like this show why strengthening your personal security habits matters more than ever. (Kurt “CyberGuy” Knutsson)
7) Keep your devices and software updated
A lot of attacks succeed because devices run outdated operating systems or browsers. Regular updates close vulnerabilities that could be used to steal session tokens, capture keystrokes or hijack login flows. Updates are boring, but they prevent a surprising amount of trouble.
8) Delete accounts you no longer need
Old accounts sit around with old passwords and old data, and they become easy targets. If you’re not actively using a particular AI tool anymore, delete it from your account list and remove any saved information. It reduces your exposure and limits how many databases contain your details.
Kurt’s key takeaway
This breach may not have touched chat logs or payment details, but it shows how fragile the wider AI ecosystem can be. Your data is only as safe as the least secure partner in the chain. With ChatGPT now approaching a billion weekly users, that chain needs tighter rules, better oversight and fewer blind spots. If anything, this should be a reminder that the rush toward AI adoption needs stronger policy guardrails. Companies cannot hide behind transparent emails after the fact. They need to prove that the tools you rely on every day are secure at every layer, including the ones you never see.
Do you trust AI platforms with your personal information? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
Valve now says that the delayed Steam Machine PC and Steam Frame VR headset are set to launch sometime this summer. In a Thursday blog post detailing its Verified programs for both pieces of hardware, Valve concludes by saying that “We’re excited for players to try your titles on the new Steam hardware once they launch this summer.”
When the company originally announced the Machine and Frame alongside its new Steam Controller late last year, it said that it would start shipping the new gadgets in early 2026. But in February, the company announced that the ongoing memory and storage crunch had forced it to revisit its pricing and shipping plans. And in March, Valve said in a blog post that it would be “shipping all three products this year” — though that was after the company initially said in the post that “we hope to ship in 2026,” which it removed in an update.
Valve opted to release the Steam Controller on its own, putting it up for sale in early May. For the Machine and Frame, while “summer” isn’t exactly a specific date, it narrows the window for when the products might finally come out.
Ahead of actually launching the devices, Valve is redesigning the Steam store and sharing information about the Verified programs for the hardware so that developers can prepare their games. Like with the Steam Deck, if a game is verified for the Machine or the Frame, the badge signals that the game should work well without any tweaks from the user.
For the Machine, the requirements for a game to be verified are “nearly identical” to what they are for the Steam Deck. With the Machine being “roughly six times as powerful” as the Deck, in theory, many more games will be verified for it. Valve also says that it’s testing “every title on Machine that fell below our performance requirements on Deck.”
For the Frame, Valve’s verified badge will signify games that run well while being played natively on the headset — as opposed to games that work well streamed to the headset, which the Frame is also capable of. “Like Steam Deck Verified, the Steam Frame Standalone Verified program focuses on the experience customers will have with the device out-of-the-box in standalone mode,” Valve says.
Now, we just need Valve to share exactly when the Steam Machine and Steam Frame will be released and how much they might cost. After last week’s price hikes for the Steam Deck, I’m gearing up for sticker shock.
NEWYou can now listen to Fox News articles!
Humanoid robots just got another real job. This time, they are clocking in behind the scenes at a major retail operation. Figure AI has signed a commercial agreement with Catalyst Brands. That is the company behind JCPenney, Aéropostale, Brooks Brothers, Eddie Bauer, Lucky Brand and Nautica.
The first rollout begins at Catalyst’s Reno, Nevada Distribution Logistics Center. So, no, these robots are not greeting shoppers or folding jeans in the store aisle. At least not yet.
For now, they are heading into warehouse and supply chain work. Still, the announcement has some people worried. Many see humanoid robots entering a workplace and immediately wonder what happens to human jobs. That concern is fair.
Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (Saturday, June 13, 10 am ET)
- Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com.
THE AI-POWERED ROBOT ARMY THAT PACKS YOUR GROCERIES IN MINUTES
Figure’s humanoid robots are starting behind the scenes in Catalyst Brands’ Reno warehouse, not on the store floor. (Figure AI)
Figure’s humanoid robots enter warehouse work
Catalyst Brands says Figure’s humanoid robots will help with supply chain work. The companies say the robots will focus on repetitive, physically demanding sorting and packing tasks. In other words, this starts with warehouse work that can wear people down over time. The robots will first assist with Catalyst’s Joey Pouch sorting system in Reno. That system helps with computerized induction, sorting and packing inside the facility. Catalyst says the Reno site also underwent a $40 million infrastructure update in 2024.
“As we invest in and scale our portfolio, this collaboration with Figure shows how emerging technologies can modernize our operations while strengthening our workforce,” said Marc Rosen, CEO of Catalyst Brands. “When we automate routine tasks, our associates can focus on higher-value work and better serve our customers across all our brands.”
So, this is happening behind the scenes in the warehouse, not on the store floor. That detail is important, especially because some online reactions made it sound like robots were already headed into retail stores. The announcement points to warehouse operations first. Still, warehouse jobs are real jobs. That is why this deal is getting so much attention.
Why the Figure AI and Catalyst Brands deal stands out
Catalyst Brands owns several major retail brands and operates a large retail network. Figure AI also describes this as a step toward deploying humanoid robots at scale, even though it has not said how many robots will be used.
There is also a financial connection behind the scenes. Brookfield is an investor in Figure AI and also has a stake in Catalyst Brands. Figure says this is the first commercial bridge between Figure and a Brookfield portfolio company.
If the robots perform well in Reno, the companies could look for more ways to use them across the business.
AI LAYOFFS MAY BE BACKFIRING ON COMPANIES
The robots will first assist with repetitive sorting and packing work inside Catalyst’s updated distribution center. (Figure AI)
What Figure AI has not revealed yet
The announcement leaves out several key details. We do not know how many robots Figure AI will deploy. We do not know the exact start date. We also do not know whether Catalyst is buying the robots, leasing them or using a robots-as-a-service model. The companies have also not said how many human roles could change because of the rollout.
Figure AI says the robots are being integrated into Catalyst’s distribution facility and will focus on physically demanding work. However, the release does not spell out the exact jobs the robots will handle day to day.
That missing information gives people room to worry. It also gives people room to guess. And online, people did both. Some thought humanoid robots were coming straight into stores. Others focused on the bigger fear, which is that robots could take over jobs that people depend on.
Why humanoid robots make workers nervous
The fear around this deal goes beyond one company. Workers have already watched companies use AI to cut costs, slow hiring and reorganize teams. Now, physical robots are entering spaces where people lift, sort, pack and move products. That feels different.
Figure AI and Catalyst say the robots can handle routine tasks and help associates shift toward higher-value work. That sounds promising. However, workers may hear a very different message. They may wonder who gets retrained. They may also wonder who gets replaced. Companies cannot brush off those concerns. If humanoid robots are coming into more workplaces, workers deserve clear answers.
JOBS THAT ARE MOST AT RISK FROM AI, ACCORDING TO MICROSOFT
The big question is whether humanoid robots will help workers handle tough warehouse tasks or eventually replace some of those jobs. (Figure AI)
Why retail companies want warehouse robots
Warehouse work can be tough on the body. People lift boxes, move products, repeat the same motions and race to keep up when orders spike. That is why retail companies are looking hard at automation.
Figure’s pitch is that humanoid robots can fit into places already built for people. They do not need a warehouse rebuilt from scratch. In theory, they can step into certain jobs and help with repetitive work.
For a retailer, that could mean products move faster, and workers face less physical strain. It could also help during busy shopping seasons, when distribution centers get slammed.
What to watch next with Figure AI robots
The next big signal will be whether Catalyst expands the robot program beyond Reno. A small rollout may be a learning test. A wider deployment would point to a much larger shift in how retailers move products.
Watch for details on robot count, job duties and worker impact. Those specifics will tell us more than anything else. Also, pay attention to how companies talk about employees. If they say robots will help workers move into better roles, they should explain exactly how that will happen. Workers deserve more than buzzwords.
What this means for you
These robots may start in a warehouse, but the ripple effect could eventually reach workers, shoppers and prices.
For shoppers, the upside is easy to see. If robots help move products faster, stores may have fewer empty shelves. Online orders could also move through warehouses more quickly.
For workers, it gets more complicated. Companies often say robots will take over the hardest tasks so people can move into better roles. That sounds good, but workers need more than a promise. They need training. They need clear answers. They also need to know whether a robot is there to help them or replace them.
And for the rest of us, this raises a bigger question. Are we comfortable with retailers using humanoid robots if it makes shopping faster or cheaper? Or do we want companies to prove that people are still part of the plan?
Kurt’s key takeaways
Figure AI’s deal with Catalyst Brands shows how quickly humanoid robots are entering our workplaces. For now, these robots are starting in a distribution center. They are not walking through the aisles at JCPenney. That distinction is important. Still, the bigger concern remains. People want to know whether these machines will help workers or slowly push them aside. Automation can reduce hard physical work. It can also create real fear when companies avoid direct answers. Humanoid robots may soon become a normal part of warehouse operations for retailers. The real test will be whether companies use them in a way that helps people, instead of treating people like a cost to cut.
Would you shop with a retailer that uses humanoid robots in its warehouses, or would that make you think twice? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Tan and countless other DIYers are attracting millions of views showing off the personal computers they’ve built inside purses, jewelry boxes, toys, and old tech, hiding Raspberry Pi boards inside art projects.
Cyberdecks, but make it fashion
The colorful, quirky builds popping up across social media are a drastic shift away from the typical look the cyberdecks we’ve featured have had, which often consisted of a 3D-printed chassis or a rugged box like a Pelican case, usually with a cyberpunk-style design.
Inside, these homemade devices are essentially mini Linux computers for specific tasks, usually done offline, like reading, journaling, or listening to music. But now, a cyberdeck doesn’t have to look like a computer at all.
-
Los Angeles, Ca12 minutes agoNB 405 Freeway closed near LAX after pursuit ends in gunfire
-
Detroit, MI34 minutes agoJudge blocks steam line project on Lafayette Park property
-
San Francisco, CA42 minutes agoFirst Thursdays kicks off Pride Month in San Francisco
-
Dallas, TX49 minutes agoDallas Cowboys Defense is ‘Annoying’ CeeDee Lamb and That’s a Good Thing
-
Miami, FL52 minutes agoTampa Bay Rays vs Miami Marlins Live Stream: How to Watch MLB
-
Boston, MA57 minutes agoOrioles news: O’s win series in Boston
-
Denver, CO1 hour agoDenver Broncos roster review: OLB Dasan McCullough
-
Seattle, WA1 hour agoYour Seattle-area weekend events guide: Pride, pinball, and car shows! – MyNorthwest.com
