Comment by cobertos

1 day ago

I _hate_ how this is written. At no point does it disclose explicitly:

* What systems were accessed

* What information was potentially exposed

* Just how "proactively" they've been about this (no timeline)

* Numbers... The scale of any of it

---

Some comments on quoted portions of the article

> Mixpanel detected a smishing campaign ...

Doesn't give any details on who the campaign targeted, or how, or how widespread.

> We took comprehensive steps to contain and eradicate unauthorized access and secure impacted user accounts.

So there was definitely _some_ sort of unauthorized access, but doesn't say to which accounts or in what systems

> Performed global password resets for all Mixpanel employees

So... definitely sounds like they expected compromise of Mixpanel employee credentials

Yes, if you accidentally push grandma and her wheelchair over a cliff you probably wouldn’t refer to it as “a recent family incident”. In particular the fourth word, a single letter ‘a’, immediately got my back up. The vagueness and defensiveness of the whole post feels very dismissive and inhuman.

“Out of transparency and our desire to share with our community…” also reminds me of when I get a refund that is prefixed with “as a one-time gesture of goodwill…” instead of “sorry, we made a mistake”.

  • Weasel words.

    I’m sorry IF you were offended… vs

    I’m sorry I made offensive remarks. It hurt you and I am truly sorry.

    • We are very sorry to hear that a recent marketing campaign may have upset some customers. Your feedback is very important to us, and affected customers are invited to reach out through the Help Center for resolution options. We've pulled the campaign responsible, effective immediately, and we will be conducting a process review to ensure future campaigns will be held to a higher standard. We sincerely thank you for your continued support as we work tirelessly to improve our trademark customer-centric approach.

  • I believe the proper term for this kind of "as a one-time gesture of goodwill" is "ex gratia", and is more-or-less a standard form for compensation without admitting liability.

Yes, the OpenAI disclosure about the same incident is much better https://openai.com/index/mixpanel-incident/

It makes you wonder if Mixpanel would have disclosed this if not for OpenAI more or less forcing them to.

Announcing the breach on Thanksgiving day was also certainly calculated.

  • Yes - I have the same intuition. But it may also just be unfortunate timing and obligations. Sometimes companies have requirements from customers to notify them within some time period following a breach.

    • Like many in the US, I saw this somewhat late. Did the OpenAI disclosure come out first? Did Mixpanel notify OpenAI (due to contractual obligations), who then investigated and ripped Mixpanel out of their systems? And then OpenAI disclosed it publicly, forcing Mixpanel to disclose publicly?