Mixpanel has reported a security incident that it detected on November 8. The company called the attack a “smishing campaign” and said that only “a limited number of customers” are affected. Mixpanel did not give technical details about how the attack happened. The firm said it secured affected accounts, rotated compromised credentials, revoked active sessions, reset employee passwords, and blocked malicious IP addresses.
OpenAI, which used Mixpanel for web analytics, told some users they might be affected. OpenAI said Mixpanel helped it study product use and improve the API at platform.openai.com.
The company said there was no sign of unauthorized access to OpenAI systems and that ChatGPT chat content, prompts, responses, and API usage data were not affected. OpenAI also said that passwords, API keys, payment information, account credentials, and government IDs were not taken.
OpenAI added that the attacker did obtain “a dataset containing limited customer identifiable information and analytics information”. The stolen items included user profile data tied to platform.openai.com, such as name, email address, a rough location based on the user’s browser (such as city, state, and country), the operating system and browser, an organization or user ID, and the referring website. OpenAI warned that this kind of data could be used in phishing or other social engineering attacks.
OpenAI said it has removed Mixpanel from its production services and reviewed the data sets that Mixpanel held for OpenAI. The company said it is working with Mixpanel and other partners to learn the full scope of the incident and is notifying affected organizations, admins, and users directly. OpenAI added that while it has found no evidence of impact beyond Mixpanel’s systems, it will continue to watch for any signs of misuse.
The company stated the following in full: “As part of our security investigation, we removed Mixpanel from our production services, reviewed the affected datasets, and are working closely with Mixpanel and other partners to fully understand the incident and its scope. We are in the process of notifying impacted organizations, admins, and users directly. While we have found no evidence of any effect on systems or data outside Mixpanel’s environment, we continue to monitor closely for any signs of misuse.”