| ▲ | cobertos 2 hours ago | ||||||||||||||||||||||
I _hate_ how this is written. At no point does it disclose explicitly: * What systems were accessed * What information was potentially exposed * Just how "proactively" they've been about this (no timeline) * Numbers... The scale of any of it --- Some comments from quoted portions of article > Mixpanel detected a smishing campaign ... Doesn't give any details on who the companion targeted, or how, or how widespread. > We took comprehensive steps to contain and eradicate unauthorized access and secure impacted user accounts. So there was definitely _some_ sort of unauthorized access, but doesn't say to which accounts or in what systems > Performed global password resets for all Mixpanel employees So... definitely sounds like they expected compromise of Mixpanel employee credentials | |||||||||||||||||||||||
| ▲ | reddalo an hour ago | parent | next [-] | ||||||||||||||||||||||
Also, I had never heard the word "smishing" before. I don't get what's different from "normal" phishing. | |||||||||||||||||||||||
| |||||||||||||||||||||||
| ▲ | breppp 2 hours ago | parent | prev | next [-] | ||||||||||||||||||||||
but they registered the IOCs in their SIEM platform, so no way this will happen again | |||||||||||||||||||||||
| ▲ | jacquesm an hour ago | parent | prev [-] | ||||||||||||||||||||||
It makes you wonder if Mixpanel would have disclosed this if not for OpenAI more or less forcing them to. | |||||||||||||||||||||||