00:00Mixpanel's data breach surprise raises a lot of questions.
00:04Analytics giant Mixpanel quietly posted a vague blog update just hours before the Thanksgiving holiday,
00:10right when everyone was either traveling, cooking, or pretending to work.
00:14The post, written by CEO Jen Taylor, essentially said,
00:18Something bad happened on November 8th.
00:20Some customers were affected.
00:22We fixed stuff.
00:23And that was it.
00:25No details.
00:26No numbers.
00:27No explanation.
00:28Just a trust us and a quick fade out.
00:30TechCrunch tried following up with Taylor, sending over a dozen questions.
00:34Taylor didn't respond.
00:36But OpenAI did, and that's when things got interesting.
00:39OpenAI published its own blog two days later and confirmed what Mixpanel hadn't.
00:45Customer data was stolen.
00:47Because OpenAI uses Mixpanel to analyze developer-facing website traffic,
00:52the breach likely exposed data from developers relying on OpenAI's APIs.
00:57The stolen info included names, emails, rough locations based on IP addresses, and device details like operating systems and browser versions.
01:05Thankfully, it didn't include more invasive identifiers like Apple's IDFA or Android's Ad ID, which would have made tracking individuals far easier.
01:14OpenAI stressed that regular ChatGPT users weren't affected and promptly cut ties with Mixpanel.
01:21The Mixpanel breach highlights risks in analytics companies, which quietly collect detailed user data across thousands of apps, including activity logs, device info, and past password records.
01:32These companies also offer session replays, visual recordings of how users navigate apps, handy for developers, nightmare fuel for privacy advocates.
01:41The sheer volume of data flowing through Mixpanel's systems means the number of everyday people affected could be massive, depending on how each customer configured their tracking.
01:50Pseudonymized data can often be traced back to individuals, making it more identifying than companies admit.
01:56Mixpanel hasn't detailed the breach or its extent, highlighting that analytics firms are increasingly prime targets for hackers.
Be the first to comment