OpenAI, CoinTracker user data leaked after third-party hacked via SMS
Crypto tax firm CoinTracker and Sam Altman’s OpenAI have warned users that they may have suffered a data leak after the companies’ analytics partner Mixpanel fell victim to a “smishing” attack.
Mixpanel announced today that it suffered a security incident on November 8, leading to the leaking of customer data. It claimed the breach was the result of a “smishing campaign,” a phishing attack carried out via SMS text.
CoinTracker and OpenAI also disclosed the breach in an email sent yesterday. OpenAI claimed that the names, email addresses, approximate location, and device information of some of its users have been stolen.
CoinTracker similarly warned that email addresses, locations derived from IP addresses, device metadata, and summaries of users’ transactions were exported by the attackers.
Read more: Coinbase changed lawsuit rules a day before disclosing data breach, report
The firm says that Mixpanel shared details of the attack on November 21, while OpenAI says it was informed on November 25. The AI platform has since removed Mixpanel from its services.
OpenAI stressed that “no chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.” It also claims that the incident wasn’t a result of OpenAI’s systems and clarified that ChatGPT users weren’t affected by the breach.
It did, however, warn users that any leaked information may be used to target them. As such, it asked them to be vigilant, look out for potential scams, and be cautious of unexpected communications, domain names, and password requests.
Mixpanel responded to the breach by securing the affected accounts, resetting employee passwords, blocking malicious IP addresses, seeking help from third-party forensics firms, and reaching out to law enforcement and cybersecurity advisors.
Data breaches are common within the crypto industry, and attackers have targeted the likes of Crypto.com and Coinbase in the pursuit of user information.
Last Christmas, the data of almost 70,000 Coinbase users was leaked. The third-party customer service firm Zendesk was also attacked this year, resulting in the leaking of millions of user IDs submitted by Discord users.
Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.