FEITI99 Posted December 19, 2025 #1 Posted December 19, 2025 I received an email from Stake informing me that my personal data was involved in a breach through one of their third-party providers, Mixpanel. While the message repeatedly reassures users that “funds and passwords are secure,” it raises far more concerns than it answers. Let’s be clear: usernames, emails, phone numbers, and dates of birth were exposed. That’s not harmless metadata - that’s exactly the information scammers need to run targeted phishing attacks, SIM-swaps, and impersonation scams. Saying “your funds are safe” doesn’t undo the fact that our identities were partially handed over. Stake claims their infrastructure wasn’t accessed. Fine. But that leads to a bigger question: why does an analytics company need access to users’ dates of birth and phone numbers in the first place? What business purpose justifies that level of personal data sharing? The breach reportedly happened via an SMS phishing attack and was “stopped that weekend,” yet attackers still managed to export files before containment. How long did they have access? How many users were affected? And why are we only hearing about this after the fact, once the damage was already done? We’re told that “online monitoring services” are in place. That sounds reassuring, but it’s vague. Are users being actively notified if their data appears in breach databases or dark-web markets? Or is this just a box being ticked to say something is being done? What’s especially frustrating is that the burden is once again shifted onto users. We’re told to stay vigilant, avoid scams, and enable passkeys or 2FA - all good advice, but advice that comes after our data has already been exposed. If these protections are now being strongly recommended, why weren’t they pushed harder before a breach occurred? And let’s not ignore the accountability issue. I didn’t choose Mixpanel. I chose Stake. Any third-party risk is still Stake’s responsibility, and users shouldn’t be expected to accept “it wasn’t us” as a satisfactory explanation. Transparency isn’t just admitting something went wrong. It’s explaining why it was possible, what data truly wasn’t necessary to share, and what will change so this doesn’t happen again. Right now, the message feels less like accountability and more like damage control - and users deserve better than that.
bharath621 Posted December 19, 2025 #3 Posted December 19, 2025 Same most of the user's got this mail , we have to be careful with the scam mails FEITI99 1
FEITI99 Posted December 20, 2025 Author #4 Posted December 20, 2025 3 hours ago, bharath621 said: Same most of the user's got this mail , we have to be careful with the scam mails Yes 🙌 would love more clarity from Eddie and the team.
Klaudusia Posted December 20, 2025 #5 Posted December 20, 2025 8 minutes ago, FEITI99 said: Tak, 🙌 bardzo chciałabym więcej jasności od Eddiego i zespołu. otóż to !
Featured Comment
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now