- A “smishing” attack on analytics firm Mixpanel led to a data leak affecting customers of CoinTracker and OpenAI.
- The breach occurred on November 8, with Mixpanel reporting it publicly on November 21 and OpenAI notifying users on November 25.
- Compromised data includes names, email addresses, approximate locations, device information, and transaction summaries, but no sensitive data like passwords or payment details.
- OpenAI has stopped using Mixpanel services following the incident and assured ChatGPT users were not affected.
- Mixpanel has responded by securing accounts, resetting passwords, and involving forensic and law enforcement teams.
On November 8, analytics provider Mixpanel was targeted by a “smishing” attack—a phishing scam sent via SMS messages—resulting in unauthorized access to customer data. This incident impacted users of crypto tax company CoinTracker and AI company OpenAI, both clients of Mixpanel’s analytics services.
Mixpanel disclosed the breach on November 21, informing that attackers exported customer data including names, email addresses, location data derived from IP addresses, device metadata, and summaries of user transactions. OpenAI followed with a user alert on November 25, confirming that some users’ names, email addresses, rough locations, and device information were accessed in the breach.
In statements, OpenAI emphasized that sensitive information such as chat content, API requests, passwords, credentials, payment details, government IDs, and API keys were not compromised. The company also clarified that the incident originated from Mixpanel’s systems and did not affect ChatGPT users. As a precaution, OpenAI has removed Mixpanel from its services and urged users to stay alert for scams that could use the leaked information.
CoinTracker warned that attackers accessed email addresses, location data based on IP addresses, device metadata, and brief summaries of users’ transactions through Mixpanel. Both companies advised caution regarding unexpected communications or requests related to password or personal information.
In response to the incident, Mixpanel secured the accounts impacted by the attack, reset employee passwords, blocked malicious IP addresses, engaged third-party forensic experts, and reached out to law enforcement and Cybersecurity advisors to investigate further.
Data breaches have become frequent in the crypto sector, with previous attacks hitting companies like crypto.com and Coinbase. Notably, last Christmas, the data of nearly 70,000 Coinbase users was leaked. Additionally, this year, customer service platform Zendesk suffered a breach leading to the exposure of millions of user IDs submitted by Discord users.
For more details on the attack, see Mixpanel’s official announcement at their blog and OpenAI‘s statement at their site. CoinTracker’s warning is available via their Twitter post.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Solana Spot ETFs See $8.1M Outflows, Ending 21-Day Inflow Streak
- Radix DEX Aggregators Boost Crypto Trading Efficiency and Savings
- Edel Finance Token Launch Faces Scrutiny Over Suspicious Transactions
- Bitcoin Shows Mixed Thanksgiving Weekend Returns Over 15 Years
- Houdini Pay Launches Private Crypto Payments Hiding Onchain Links
