> It was SMS Phishing, a.k.a. Social Engineering... it’s opposite of breach.

A social engineering attack that enables an attacker to gain unauthorized access to Mixpanel's systems and export a dataset containing names, user IDs, location data, and email addresses sounds exactly like a breach to me.

That is not how it works.

A breach is unauthorized disclosure, the mechanism through which it is achieved is not relevant to that classification.

An employee that walks out with a file would also be classified as a breach, even if no systems got compromised from the outside.

> Mixpanel became aware of an attacker that gained unauthorized access to part of their systems and exported a dataset containing limited customer identifiable information and analytics information

Read before you blindly comment