A smishing-enabled cyberattack against analytics provider Mixpanel led to unauthorized access and export of limited analytics datasets, including OpenAI platform user profiles and device/usage details, but not ChatGPT content or credentials, creating downstream phishing and social-engineering risk for affected customers while prompting OpenAI to sever Mixpanel integrations and Mixpanel to execute a full incident-response and hardening program.

Synthesizing all three sources, the OSINT indicates that an unauthorized third party exploited a previously unknown vulnerability in Oracle E-Business Suite in August 2025 to hack the Oracle EBS environments of the University of Pennsylvania and the University of Phoenix.