Hackers tied to ShinyHunters extort PornHub after stealing search and viewing history of Premium users in a Mixpanel data breach.
PornHub faces extortion after hackers linked to ShinyHunters allegedly stole search and viewing history of Premium users via a Mixpanel data breach.
Mixpanel is a product analytics platform that companies use to understand how people interact with their apps or websites. Many tech companies use Mixpanel to make data-driven decisions about features, performance, and customer journeys.
The analytics provider reported a smishing attack detected on November 8, but attempted to downplay the security breach by saying that it impacted a limited number of customers.
“A recent cybersecurity incident involving Mixpanel, a third-party data analytics provider, has impacted some Pornhub Premium users. Specifically, this situation affects only select Premium users. It is important to note this was not a breach of Pornhub Premium’s systems. Passwords, payment details, and financial information remain secure and were not exposed.” reads a statement published by Pornhub.
“The incident occurred within our analytics vendor Mixpanel’s environment and involved a limited set of analytics events for some users. This was not a breach of Pornhub Premium’s systems. No passwords, credentials, payment details or government IDs were compromised or exposed. Like Google, ChatGPT and others who were compromised as a part of the same attack, Mixpanel informed us of this breach. Although we have not worked with Mixpanel since 2021, it is our responsibility to ensure we inform you of this event.”
The company launched an internal investigation with the help of cybersecurity experts and notified authorities and Mixpanel. The commercial adult-content website also urged users to stay vigilant and watch for suspicious activity.
Exposure of PornHub Premium users’ search and viewing history poses serious privacy and security risks. Such data can be used for blackmail, extortion, or reputational damage, especially given its sensitive nature. Users may also face phishing or social engineering attacks tailored to their interests, identity theft if linked to emails or locations, and long-term loss of anonymity if the information is leaked or resold.
BleepingComputer reports that this is the first public confirmation linking ShinyHunters to the Mixpanel-related data used to extort PornHub. PornHub declined further comment beyond its security notice. Mixpanel told BleepingComputer it does not believe the data came from its November 2025 breach, stating the data was last accessed by a legitimate Pornhub parent company employee account in 2023 and not stolen from Mixpanel.
BleepingComputer also reports that ShinyHunters is extorting Mixpanel customers, claiming to have stolen 94GB of data, including over 200 million records. The group says the data covers PornHub Premium users’ historical search, watch, and download activity, containing highly sensitive details such as emails, locations, video metadata, and timestamps, and has confirmed authorship of the extortion campaign.
ShinyHunters has been linked to major 2025 breaches, including an Oracle E-Business Suite zero-day, Salesforce/Drift and GainSight attacks, the Mixpanel breach, and is launching the ShinySpid3r ransomware-as-a-service platform.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)