Mixpanel has reported a security incident that it detected on November 8. The company called the a “smishing campaign” and said that only “a limited number of customers” are affected. Mixpanel did not give technical details about how the happened. The firm said it secured affected accounts, rotated compromised credentials, revoked active sessions, reset employee passwords, and blocked malicious IP addresses.
OpenAI, which used Mixpanel for web analytics, told some users they might be affected. OpenAI said Mixpanel helped it study product use and improve the API at platform.openai.com.
The company said there was no sign of unauthorized access to OpenAI systems and that ChatGPT chat content, prompts, responses, and API usage data were not affected. OpenAI also said that passwords, API keys, payment information, account credentials, and government IDs were not taken.
OpenAI added that the er did obtain “a dataset containing limited customer identifiable information and analytics information”. The stolen items included user profile data tied to platform.openai.com, such as name, email address, a rough location from the user’s browser like city state and country, the operating system and browser, an organization or user ID, and the referring website. OpenAI warned that this kind of data could be used in phishing or other social engineering s.
OpenAI said it has removed Mixpanel from its production services and reviewed the data sets that Mixpanel held for OpenAI. The company said it is working with Mixpanel and other partners to learn the full scope of the incident and is notifying affected organizations admins and users directly. OpenAI added that while it has found no evidence of impact beyond Mixpanel’s systems it will continue to watch for any signs of misuse.
The company stated the following in full, “As part of our security investigation, we removed Mixpanel from our production services, reviewed the affected datasets, and are working closely with Mixpanel and other partners to fully understand the incident and its scope. We are in the process of notifying impacted organizations, admins, and users directly. While we have found no evidence of any effect on systems or data outside Mixpanel’s environment, we continue to monitor closely for any signs of misuse.”
Can you believe the nerve of these hackers? OpenAI deserves better security measures for its users privacy. Outrageous!
Is OpenAIs reliance on third-party tools like Mixpanel compromising user data security? Lets discuss the implications.
Do you think OpenAI should take more responsibility for protecting user data or is this just the reality of the digital age?
Do you think OpenAI should take more responsibility for protecting user data or is this just an inevitable risk of technology?
Do you think companies like OpenAI should be more transparent about their data security measures to prevent breaches like this?
Do you think OpenAI should take more responsibility for securing user data? Its a hot topic worth discussing!
Do you think companies like OpenAI should be held more accountable for data breaches? Its a scary world out there.