Friday, November 28, 2025

OpenAI Notifies API Users After Mixpanel Security Incident

OpenAI is notifying customers of its API platform after a security incident within Mixpanel’s systems exposed limited analytics information. The issue occurred entirely in Mixpanel’s environment and did not affect OpenAI’s infrastructure or users of ChatGPT.

OpenAI reports that Mixpanel became aware of unauthorized access on Nov. 9 and provided an exported dataset to OpenAI on Nov. 25. The dataset contained names associated with API accounts, email addresses, approximate browser-based location, operating systems, browsers, referring websites, and organization or user identifiers. OpenAI states that no passwords, API keys, payment data, chat content, prompts, usage records, authentication tokens, or government IDs were involved.

During its investigation, OpenAI removed Mixpanel from production systems, reviewed the dataset, and began notifying impacted organizations, administrators, and users. The company has ended its use of Mixpanel and plans broader security reviews across its vendor ecosystem. It continues monitoring for signs of misuse and says it will update affected users if new information emerges.

OpenAI advises API users to remain alert to potential phishing attempts, since names and email addresses were included in the dataset. It recommends caution with unexpected messages, verification that any communication attributed to OpenAI comes from official domains, avoidance of sharing sensitive credentials, and enabling multi-factor authentication. The company is not advising password resets or API key rotation because no account credentials were exposed.

Mixpanel has described its response to the incident. The company says it detected a smishing campaign on Nov. 8 and initiated incident-response measures that included securing affected accounts, revoking sessions, rotating compromised credentials, blocking malicious IP addresses, recording indicators of compromise in its monitoring systems, performing a forensic review with external specialists, and resetting passwords for all employees. Mixpanel reports that customers who did not receive direct communication were not affected.


Notes: This post was drafted with the assistance of AI tools and reviewed, edited, and published by humans. Image: DIW-Aigen.

by Asim BN via Digital Information World
