Back Original

Mixpanel Security Breach

Out of transparency and our desire to share with our community, this blog post contains key information about a recent security incident that impacted a limited number of our customers. On November 8th, 2025, Mixpanel detected a smishing campaign and promptly executed our incident response processes. We took comprehensive steps to contain and eradicate unauthorized access and secure impacted user accounts. We engaged external cybersecurity partners to remediate and respond to the incident.

We proactively communicated with all impacted customers. If you have not heard from us directly, you were not impacted. We continue to prioritize security as a core tenant of our company, products and services. We are committed to supporting our customers and communicating transparently about this incident. 

  • Secured affected accounts
  • Revoked all active sessions and sign-ins
  • Rotated compromised Mixpanel credentials for impacted accounts
  • Blocked malicious IP addresses
  • Registered IOCs in our SIEM platform
  • Performed global password resets for all Mixpanel employees
  • Engaged third-party forensics firm to advise on containment and eradication measures
  • Performed a forensic review of authentication, session, and export logs across impacted accounts
  • Implemented additional controls to detect and block similar activity going forward.
  • Engaged with law enforcement and external cybersecurity advisors
  • If you received a communication from us, please review it for the steps we have taken to secure your account, as well as next steps. 
  • If you did not receive a communication from us, no action is required. Your accounts were not impacted.

If you have any questions about this incident, please contact support@mixpanel.com.