"A cybersecurity incident at analytics provider Mixpanel announced just hours before the U.S. Thanksgiving holiday weekend could set a new standard for how not to announce a data breach. To recap: In a bare bones blog post last Wednesday, Mixpanel chief executive Jen Taylor announced that the company had detected an unspecified security incident on November 8 that affected some of its customers, but didn't say how they were affected, nor how many, only that Mixpanel had taken a range of security actions to "eradicate unauthorized access.""
"Mixpanel's CEO, Jen Taylor, did not respond to multiple emails from TechCrunch, which included over a dozen questions about the company's data breach. We asked Taylor if the company had received any communication from the hackers, such as a demand for money, along with other specific questions about the breach, including whether Mixpanel employee accounts were protected with multi-factor authentication."
"OpenAI users affected by the Mixpanel breach are likely to be developers whose own apps or websites rely on OpenAI's products to work. OpenAI said its stolen data included the user's provided name, email addresses, their approximate location (such as city and state) based on their IP address, and some identifiable device data, such as the operating system and browser version. Some of this information is the same kind of data that Mixpanel collects from people's devices as they use apps and browse websites."
Mixpanel detected a security incident on November 8 and announced it in a minimal blog post just before the U.S. Thanksgiving holiday, providing few details about scope or impact. The company said it took security actions to "eradicate unauthorized access" but did not disclose how many customers or what specific data were taken. Mixpanel's CEO did not respond to media questions about ransom demands or whether employee accounts used multi-factor authentication. One affected customer, OpenAI, confirmed that customer data was exfiltrated, including names, email addresses, approximate locations derived from IP addresses, and device-identifying details of developer users.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]