6 February, 2018
Mixpanel Analytics Accidentally Slurped Up Passwords
The passwords of some people using sites monitored by popular analytics provider Mixpanel were mistakenly pulled into its software. Until TechCrunch’s inquiry, Mixpanel had made no public announcement about the embarrassing error beyond quietly emailing clients about the problem. Yet some need to update to a fixed Mixpanel SDK to prevent an ongoing privacy breach.
It’s unclear which clients were impacted due to confidentiality agreements, but Mixpanel lists Samsung, BMW, Intuit, US Bank and Fitbit as some of the companies it works with. “We can tell you that less than 25 percent of our customers were impacted,” the company’s spokesperson told me, but they noted approximately 4 percent of all Mixpanel Projects suffered from the privacy gap.
Mixpanel has raised $77 million in rounds led by prestigious investors like Andreessen Horowitz and Sequoia. But in early 2016 it laid off 10 percent of its 230-plus team, and has been dogged by a reputation for being expensive. Today’s news won’t help.