Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Netflix invented binge watching. Now he may be over it.

The ‘first’ ransomware attack run by AI still needed a human

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    The ‘first’ ransomware attack run by AI still needed a human

    7 July 2026

    If you use Google, you train its AI. See how you can opt out.

    6 July 2026

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026

    Midjourney wants Hollywood studios to reveal the details of their use of artificial intelligence

    5 July 2026
  • Apps

    You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

    7 July 2026

    Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

    6 July 2026

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026

    Smart glasses maker Even Realities hits $1 billion valuation with $150 million in funding led by Meituan, Tencent

    6 July 2026

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026
  • Media & Entertainment

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026
  • Security

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026
  • Startups

    Station F emerges as a launch pad for Europe’s hottest AI startups

    6 July 2026

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»A data breach at analytics giant Mixpanel leaves many open questions
Security

A data breach at analytics giant Mixpanel leaves many open questions

techtost.comBy techtost.com3 December 202507 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
A Data Breach At Analytics Giant Mixpanel Leaves Many Open
Share
Facebook Twitter LinkedIn Pinterest Email

A cybersecurity incident at an analytics provider Mixpanel announced just hours before the US Thanksgiving holiday weekend could set a new standard for how not to report a data breach.

To recap: In a bare bones blog post Last Wednesday, Mixpanel CEO Jen Taylor announced that the company had identified an unspecified security incident on November 8 that affected some of its customers, but did not say how or how many were affected, only that Mixpanel had taken a series of security actions to “eliminate unauthorized access.”

Mixpanel CEO Jen Taylor did not respond to multiple emails from TechCrunch, which included more than a dozen questions about the company’s data breach. We asked Taylor if the company had received any communication from the hackers, such as a request for money, along with other specific questions about the breach, including whether Mixpanel employee accounts were protected by multi-factor authentication.

One of its affected customers is OpenAI, which published his own blog post two days later, confirming what Mixpanel had not explicitly stated in its own post, that customer data had been taken from Mixpanel’s systems.

OpenAI said it was affected by the breach because it relied on software provided by Mixpanel to help understand how OpenAI users interact with certain parts of its website, such as its developer documentation.

OpenAI users affected by the Mixpanel breach are likely to be developers whose own applications or websites rely on OpenAI products to function. OpenAI said its stolen data included the user’s supplied name, email addresses, their approximate location (such as city and state) based on their IP address, and some identifiable device data, such as operating system and browser version. Some of this information is the same kind of data Mixpanel collects from users’ devices as they use apps and browse websites.

For his part, OpenAI spokesperson Niko Felix told TechCrunch that the compromised data obtained by Mixpanel “did not contain identifiers such as the Android Advertising ID or Apple’s IDFA,” which might have made it easier to personally identify specific OpenAI users or combine their OpenAI activity with usage from other apps and websites.

OpenAI said in its blog post that the incident did not directly affect ChatGPT users, and it has stopped using Mixpanel as a result of the breach.

While the details of the breach remain limited, this incident is drawing new scrutiny on the data analytics industry, which benefits from collecting reams of information about how people use websites and apps.

How Mixpanel tracks your taps, clicks and screen tracking

Mixpanel is one of the biggest web and mobile analytics companies that you may never have heard of unless you work in app development or marketing. According to its website, Mixpanel has 8,000 enterprise customers — one less now, after OpenAI’s early exit.

As each Mixpanel customer has potentially millions of its own users, the number of ordinary people whose data was taken in the breach could be significant. The type of data breached is likely to differ from each Mixpanel customer, depending on how each customer configured their data collection and how much user data they collected.

Companies like Mixpanel are part of a thriving industry that provides tracking technologies that allow companies to understand how their customers and users interact with their apps and websites. As such, analytics companies can collect and store vast amounts of information, including billions of data points, about regular consumers.

For example, an app maker or website developer can embed a piece of code from an analytics company like Mixpanel into their app or website to gain this visibility. For the app user or website visitor, it’s like having someone unknowingly watching you as you browse a website or use an app, constantly sharing every click or tap, swipe and link with the company developing the app or website.

In the case of Mixpanel, it’s easy to see the types of data Mixpanel collects from the apps and websites its code is embedded into. Using open source tools like Burp Suite, TechCrunch analyzed the network traffic flowing in and out of several apps with Mixpanel code inside — like Imgur, Lingvano, Mobile Neon. In our various tests, we saw varying degrees of information about our device and in-app activity uploaded to Mixpanel while using the apps.

This data may include the individual’s activity, such as opening the application, clicking a link, scanning a page, or logging in with their username and password, for example. This event log data is then attached to information about the user and their device, including device type (such as iPhone or Android), screen width and height, whether the user is on the phone network or Wi-Fi, the user’s carrier, the user’s unique identifier for that service (which can be linked to the user of the app), and the exact time of the event.

The data collected may sometimes include information that should be off limits. Mixpanel admitted in 2018 that its analytics code was inadvertently collecting user passwords.

Data collected by analytics companies is pseudonymized — essentially encoded in a way that does not include identifiable elements, such as an individual’s name. Instead, the information collected is attributed to a unique but seemingly random identifier used in place of an individual’s name. a seemingly more protective way of storing data. But aliases it can be reversed and used to determine people’s true identity. Also, data collected about an individual’s device can be used to uniquely identify that device, known as a “fingerprint,” which can also be used to track that user’s activity across different apps and on the internet.

By tracking what you do on your device across various apps, analytics companies make it easy for their customers to build profiles of users and their activity.

Mixpanel also allows its customers to collect “session replays,” which visually reconstruct how the company’s users interact with an app or website, so the developer can identify bugs and problems. Session replays are intended to exclude personally identifiable or sensitive information, such as passwords and credit card numbers, from any user session that is collected, but even this process is not perfect.

By Mixpanel’s own admission, session replays can sometimes occur contains sensitive information that should not have been recorded, but are collected by mistake. Apple cracked down on apps that use screen recording code after TechCrunch exposed the practice in 2019.

To say that Mixpanel has questions to answer about its breach is probably an understatement. Without knowing the specific types of data involved, it’s unclear how large this breach is or how many people may be affected. Maybe Mixpanel doesn’t know yet.

What’s clear is that companies like Mixpanel store huge banks of information about people and how they use their apps, and it’s clear that they’re a hotbed for malicious hackers.

Know more about the Mixpanel data breach? Do you work for Mixpanel or a company affected by the breach? We would love to hear from you. To contact this reporter securely, you can contact using Signal via username: zackwhittaker.1337

See the latest revelations on everything from agent AI and cloud infrastructure to security and more from the flagship Amazon Web Services event in Las Vegas. This video is brought to you in partnership with AWS.

Analytics breach cyber attack cyber security data data broker detailed information giant leaves Mixpanel monitoring open Questions
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleSimular’s AI agent wants to run your Mac, Windows computer for you
Next Article Bending Spoons Agrees to Buy Eventbrite for $500M to Revive Stalled Brand
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

6 July 2026

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026

The US government says it’s been hacked — again

2 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Netflix invented binge watching. Now he may be over it.

7 July 2026

The ‘first’ ransomware attack run by AI still needed a human

7 July 2026

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

7 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Station F emerges as a launch pad for Europe’s hottest AI startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.