Argentine cryptocurrency platform Lemon Cash disclosed on December 4th that its users’ personal data was exposed as a result of a security breach suffered by its external web analytics provider, Mixpanel, on November 9th.
In a statement to CriptoNoticias, Lemon’s team said: “There were no vulnerabilities in Lemon’s own systems. The leak came from Mixpanel (an external tool used to analyze data in the API) and only the names and emails of some users were exposed.”
The team behind the cryptocurrency platform emphasized: Private keys, seeds, and funds were not affectedand that this breach does not represent a direct risk of cryptocurrency theft. “All sensitive account information including balances, transaction amounts, transfers, access credentials, passwords, PINs, IDs, etc. remain fully protected,” they said.
Lemon sent an email directly to those affected to “warn them of the potential phishing attack and remind them of the security measures they need to take to avoid it.”
The incident started with The attacker gained unauthorized access to Mixpanel’s systems. According to the report, the company was slow to notify customers, including OpenAI and Lemon (OpenAI has since ended its partnership with Mixpanel).
Mixpanel’s code was embedded directly into the Lemon page, giving attackers access to information users submitted while browsing.
