Mixpanel breach compromises some OpenAI API users’ account data – SiliconANGLE
by
A breach at data analytics provider Mixpanel Inc. has compromised the account information of some OpenAI Group PBC users.
The ChatGPT developer disclosed the incident on Wednesday.
Mixpanel’s namesake analytics platform enables companies to collect data about how users interact with their applications. The software tracks metrics such as customer retention, uptime and performance. At the time of the breach, OpenAI used Mixpanel to collect data about developer interactions with its application programming interfaces.
Mixpanel detected the incident on November 8. The company determined that hackers had used an SMS phishing message to compromise some of its internal systems and gain access to customer data. OpenAI was one of the affected customers.
Mixpanel notified the ChatGPT developer of the incident shortly after uncovering it. On Tuesday, the analytics provider gave OpenAI a copy of the dataset that the hackers accessed from its API platform. OpenAI subsequently began notifying the users whose information appeared in the dataset.
The ChatGPT developer says that hackers accessed some API users’ names, email addresses and locations. The breach also compromised certain technical data, including what operating system and browser each affected customer used to access OpenAI’s APIs. According to the company, the hackers didn’t access customer payment details or the prompts sent to its APIs.
OpenAI stated in a blog post that customers don’t need to reset their passwords or rotate their encryption keys. However, the company cautioned that the hackers could use the stolen information to launch phishing attacks.
OpenAI has removed Mixpanel from its systems in response to the breach. Going forward, it will work with the analytics provider and “other partners” to further investigate the incident. OpenAI also plans to roll out stricter cybersecurity requirements for suppliers.
“The Mixpanel incident shows how even trusted analytics tools can inadvertently leak sensitive data if not continuously validated,” said Mayur Upadhyaya, chief executive of API testing and monitoring provider APIContext Inc. “In a machine-first world, you can’t fix what you can’t see. Observability must extend across every API, webhook and third-party integration.”
It’s unclear what other Mixpanel customers besides OpenAI are affected by the breach. The analytics provider’s website states that it has more than 29,000 customers including numerous major tech firms. Mixpanel says that it has secured the accounts affected by the breach, reset its employees’ passwords and blocked the threat actor’s IP addresses.
Data breaches involving major large language model providers such as OpenAI have been few and far between so far. However, threat actors occasionally use their models to launch hacking campaigns. OpenAI and its rivals have implemented guardrails designed to block such cyberattacks.
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
Mixpanel breach compromises some OpenAI API users’ account data
Procure AI lands $13M in funding to automate business procurement tasks
EU moves to ban social media for kids under 16 who don’t have parents’ consent
Jeff Bezos’ Project Prometheus reportedly acquires AI startup General Agents
Paxos acquires crypto wallet startup Fordefi for $100M+
Kovant wants to become the nerve center of enterprise agentic AI operations after pre-seed funding
Mixpanel breach compromises some OpenAI API users’ account data
SECURITY – BY . 11 MINS AGO
Procure AI lands $13M in funding to automate business procurement tasks
AI – BY . 13 HOURS AGO
EU moves to ban social media for kids under 16 who don’t have parents’ consent
POLICY – BY . 18 HOURS AGO
Jeff Bezos’ Project Prometheus reportedly acquires AI startup General Agents
AI – BY . 20 HOURS AGO
Paxos acquires crypto wallet startup Fordefi for $100M+
BLOCKCHAIN – BY . 1 DAY AGO
Kovant wants to become the nerve center of enterprise agentic AI operations after pre-seed funding
AI – BY . 2 DAYS AGO
Forgot Password?
Like Free Content? Subscribe to follow.
source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.
