Mixpanel Suffers Breach Exposing Customer Metadata

Mixpanel disclosed on Nov. 8, 2025 that a targeted smishing attack led to unauthorized access and export of customer metadata, including names, emails, coarse geolocation, browser/OS details, and internal IDs. The company said no API keys, prompts, chat data, passwords, or payment information were taken; affected customers including OpenAI were notified, OpenAI severed ties, and a class-action lawsuit has been filed alleging inadequate protections.
Key Points
- 1Exposes that attackers used a smishing campaign to access and export customer metadata on Nov 8, 2025
- 2Highlights vendor risk as third-party analytics access can cascade exposure across startups and enterprises
- 3Urges practitioners to enforce stricter vendor vetting, continuous audits, and incident disclosure procedures
Scoring Rationale
Strong industry impact and clear actionability from vendor-risk lessons, limited novelty as the report covers a single breach incident.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems