back to article Web analytics outfit Mixpanel slurped surfers' passwords

Website analytics outfit Mixpanel has admitted to harvesting passwords. Mixpanel provides a suite of services to help web publishers improve engagement. Among those services is "Autotrack", which promised the chance to track just about every aspect of a user's visit to a website. Including, it has been revealed, their …

  1. Mark 85 Silver badge

    'Days since last big breach' counter to Zero

    You mean the counter has something other than a zero on it? Who knew?

  2. Brian Miller

    Rust author terrified by current state of software development

    But who needs to be terrified of C/C++ when you have knuckleheads with JavaScript?

    I wonder what he'll be saying when these things are being done with Rust...

  3. sixit

    Partly User Fault

    Seriously, the user is partly to blame for not protecting themselves from spying online. It's ludicrously easy to blacklist Mixpanel and never have to worry about this again.

    That said, time to start applying some heavy duty federal laws against these companies, starting with MixPanel, to drive them out of business.

    1. Dave559 Bronze badge

      Re: Partly User Fault

      If you are using a desktop OS and a suitable browser, such as Firefox with RequestPolicy and NoScript, yes, you can block potentially untrustworthy spyware-like content like this, but on devices running a mobile OS, you often have far fewer, or no, ways to fully protect yourself from untrustworthy content, unfortunately.

  4. He Who Pedals Fast
    Mushroom

    Every app developer who every used mixpanel has my cleartext password? That's not that bad. I never use that password anywhere else anyway.

  5. Anonymous Coward
    Anonymous Coward

    All your data are belong to us

    Sadly, this only confirms what I had long feared/suspected about embedded third-party JavaScripts. If these scripts have deep access to the DOM and the full page contents, I have a nasty feeling that the likes of Google/NSA have been doing this for a long time, and entirely intentionally.

    Has anyone ever done a thorough source code review of Google Analytics to check very very carefully what exactly it does?

  6. Anonymous Coward
    Anonymous Coward

    Analytics....

    ...is the word used for spyware when it is used by a corporation.

    The only thing different is that analytics are much more dangerous.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019