Grownup video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch historical past of its Premium members was reportedly stolen in a latest Mixpanel data breach.
Final week, PornHub disclosed that it was impacted by a latest breach at analytics vendor Mixpanel. Mixpanel suffered a breach on November eighth, 2025, after an SMS phishing (smishing) assault enabled menace actors to compromise its programs.
“A latest cybersecurity incident involving Mixpanel, a third-party knowledge analytics supplier, has impacted some Pornhub Premium customers,” reads a PornHub security discover posted on Friday.
“Particularly, this case impacts solely choose Premium customers. It is very important observe this was not a breach of Pornhub Premium’s programs. Passwords, fee particulars, and monetary data stay safe and weren’t uncovered.”
PornHub says it has not labored with Mixpanel since 2021, indicating the stolen information are historic analytics knowledge from 2021 or earlier.
Mixpanel says the breach affected a “restricted quantity” of consumers, with OpenAI and CoinTracker beforehand disclosing they had been affected.
That is the primary time it has been publicly confirmed that ShinyHunters was behind the Mixpanel breach.
When contacting PornHub, the corporate didn’t present extra remark to BleepingComputer past the security discover.
PornHub search and watch historical past uncovered
Right this moment, BleepingComputer discovered that ShinyHunters started extorting Mixpanel prospects final week, sending emails that started with “We’re ShinyHunters” and warned that their stolen knowledge can be printed if a ransom was not paid.
In an extortion demand despatched to PornHub, ShinyHunters claims it stole 94GB of information containing over 200 million information of non-public data within the Mixpanel breach.
ShinyHunters later confirmed to BleepingComputer that they had been behind the extortion emails, claiming the information consists of 201,211,943 information of historic search, watch, and obtain exercise for the platform’s Premium members.
A small pattern of information shared with BleepingComputer exhibits that the analytic occasions despatched to Mixpanel include a considerable amount of delicate data {that a} member would unlikely need publicly disclosed.
This knowledge features a PornHub Premium member’s electronic mail deal with, exercise kind, location, video URL, video title, key phrases related to the video, and the time the occasion occurred.
Exercise varieties seen by BleepingComputer embody whether or not the PornHub subscriber watched or downloaded a video or considered a channel. Nonetheless, ShinyHunters additionally mentioned the occasions embody search histories.
The ShinyHunters extortion group has been behind a string of data breaches this 12 months by compromising varied Salesforce integration firms to realize entry to Salesforce situations and steal firm knowledge.
The menace group is linked to the exploitation of the Oracle E-Enterprise Suite zero-day (CVE-2025-61884), in addition to to Salesforce/Drift assaults that impacted a giant variety of organizations earlier this 12 months.
With it now confirmed that ShinyHunters can also be behind the Mixpanel breach, the menace actors are chargeable for among the most vital data breaches in 2025, impacting a whole lot of firms.
ShinyHunters can also be creating a brand new ransomware-as-a-service known as ShinySpid3r, which can function a platform for them and menace actors related to Scattered Spider to conduct ransomware assaults.
Damaged IAM is not simply an IT downside – the impression ripples throughout your complete enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with fashionable calls for, examples of what “good” IAM appears to be like like, and a easy guidelines for constructing a scalable technique.
