The hacking group Scattered Lapsus$ Hunters, which incorporates members of a gang often known as ShinyHunters, mentioned it’s trying to extort porn web site Pornhub, after claiming to have stolen private data belonging to the web site’s premium members.
On Friday, Pornhub confirmed it was amongst a number of firms affected by an earlier breach on the broadly used internet and cell analytics supplier Mixpanel, which uncovered unspecified “analytics occasions” of some Pornhub Premium customers.
On Monday, Bleeping Pc reported seeing a pattern of the stolen Pornhub knowledge, which included private data related to PornHub Premium members, together with their registered electronic mail addresses and site; exercise sort, akin to which movies and channels they watched, together with the video identify and internet handle; key phrases related to the video; and the date and time that the occasion was recorded.
Mixpanel chief government Jen Taylor didn’t reply to information.killnetswitch’s request for remark. A Pornhub spokesperson, who didn’t present their full identify, didn’t reply questions despatched by information.killnetswitch in regards to the incident, referring us as an alternative to the corporate’s printed assertion.
A spokesperson for the ShinyHunters gang advised information.killnetswitch that the hackers have despatched an extortion electronic mail solely to Pornhub thus far, and declined to say what number of different firms had been a part of the Mixpanel incident.
Proper earlier than the U.S. vacation of Thanksgiving, Mixpanel revealed a breach that it found on November 8, which affected its company clients, with out saying which of them, nor how they had been affected. OpenAI later confirmed it was a type of affected clients, in addition to CoinTracker and SwissBorg.
In keeping with Mixpanel’s web site, the corporate has round 8,000 clients, with every buyer having probably thousands and thousands of customers whose knowledge was taken within the breach.
Contact Us
Do you’ve got extra details about the Mixpanel breach? Comparable to what firms had been affected? From a non-work machine, you may contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or by way of Telegram and Keybase @lorenzofb, or electronic mail.
The kind of knowledge stolen doubtless relies on how every buyer configured their Mixpanel account to gather knowledge.
Typically talking, firms use Mixpanel to trace what their customers do on their web site or apps, just like an app developer or web site proprietor watching over a person’s shoulder to study what they click on, view, or swipe. Mixpanel may log details about the person’s units, akin to the scale of the display screen, whether or not they’re on Wi-Fi or a mobile community, and the identify of the provider, amongst different knowledge.
Scattered Lapsus$ Hunters is a coalition of primarily English-speaking hackers who’re believed to be in Western nations. The hackers have a protracted historical past of data breaches and are chargeable for a number of the largest hacks this 12 months, together with knowledge thefts focusing on Salesforce and Gainsight clients, which affected a whole bunch of firms.
Additionally on Friday, SoundCloud confirmed that about 20% of its customers had been affected by “unauthorized exercise in an ancillary service dashboard,” doubtless referring to Mixpanel. The audio streaming big mentioned the stolen knowledge contains electronic mail addresses and “data already seen on public SoundCloud profiles.”
SoundCloud didn’t reply to information.killnetswitch’s request for remark.
