Mixpanel suffered a data breach on November 8, resulting in the exposure of customer-identifiable metadata, including account names, email addresses, and browser locations for some users of OpenAI’s API. While OpenAI confirmed that no prompts, API keys, payment information, or authentication tokens were leaked, concerns arose about potential phishing attacks using the stolen data. In response, Mixpanel secured affected accounts, revoked sessions, and reset employee passwords, while OpenAI terminated its relationship with the analytics provider. Both companies reviewed the incident, notified impacted users, and are implementing new security measures to enhance data protection. OpenAI emphasized its commitment to transparency and security, stating that only API users were affected and that direct users of ChatGPT were not impacted. As cyber threats, including smishing, remain prevalent, there is increased scrutiny on third-party services handling sensitive information.
Source link
