Comment by Hannah203

2 days ago

Good write-up. Incidents like this show how easy it is for data to leak through third-party tools, even with good internal policies. The more dependencies a product has, the harder it is to keep the full chain secure.

That’s why you should only export anonymous information to external parties. There is no valid reason for OpenAI to export my personal information like this.

I will report OpenAI to the data protection agency in my country and I encourage others to do the same. They cannot blame Mixpanel when they sprinkle others' personal information around like this. NOT OK.

  • PII info

        Name that was provided to us on the API account
        Email address associated with the API account
        Approximate coarse location based on API user browser (city, state, country)
        Operating system and browser used to access the API account
        Referring websites
        Organization or User IDs associated with the API account

    Rookie mistake for a billion dollar plus company, let alone the most valuable in the world.

  • I find throwing Mixpanel under the bus whilst ignoring the giant elephant of "why were you giving them that user data in the first place" to leave a sour taste

    • Pretty big red flag, as if the revelation they were having a data protection amateur hour wasn't enough