Supply Chain
Mixpanel Product Analytics Platform Breach (Multiple Companies)
Incident Details
In late 2025, Mixpanel, a widely used product analytics SaaS platform, suffered a breach that exposed user behavioral data from dozens of customer companies. Confirmed affected organizations include OpenAI, PornHub, Pinterest (Shuffles app), CoinDCX, SoundCloud, SwissBorg, and CoinLedger. Exposed data categories varied by company but typically included user names, email addresses, device information, browser/OS metadata, geographic location data, and in some cases sensitive behavioral data such as video viewing histories, search terms, and financial transaction types. The breach highlighted the risk of sensitive behavioral and usage data flowing to third-party analytics vendors without adequate data minimization or contractual security controls. Multiple European data protection authorities (DPAs) opened investigations into the incident.
Technical Details
- Initial Attack Vector: Threat actors compromised Mixpanel's product analytics platform infrastructure, gaining access to customer behavioral and analytics data that dozens of companies had shared with Mixpanel for product improvement and user analytics purposes.
- Vendor / Product: Mixpanel (product analytics SaaS)
- Supply Chain Attack: Confirmed third-party / vendor compromise
Timeline
- 2025-10-15 Breach occurred
- 2025-11-10 Publicly disclosed
- 2025-11-10 Customers notified