In November 2025, OpenAI’s ChatGPT, owned by Microsoft, suffered a significant cyber-attack that compromised sensitive data. Investigations revealed the breach stemmed from Mixpanel’s servers, not Microsoft’s. This incident exposed critical information, including passwords, API keys, and chat logs. Shortly after, Po$^&ub, an adult site known for stringent age verification in the UK, faced a similar breach connected to Mixpanel. Over 200 million user records, containing email addresses, location data, and more, were leaked. The attackers, linked to the cybercrime group ShinyHunters, potentially maintained access to the site’s network, siphoning data over time. Although Po$^&ub swiftly implemented new security measures, the incident highlights the vulnerabilities of platforms relying on third-party services like Mixpanel. It underscores the critical importance of robust security protocols for both internal networks and third-party analytics firms to safeguard sensitive user information.
Join our LinkedIn group, Information Security Community, for more insights!
Source link
