Pornhub Premium User Data Exposed Allegedly Due to Third-Party Mixpanel Breach, ShinyHunters Extorts the Company
Published
Key Takeaways
- Vendor compromise: Pornhub Premium users have been affected by a cybersecurity incident allegedly linked to the third-party analytics provider Mixpanel.
- Limited data exposure: The incident involved a specific set of analytics events; sensitive financial data, passwords, and government IDs were not compromised.
- Response actions: Pornhub has launched a comprehensive investigation with cybersecurity experts and relevant authorities to determine the full scope of the incident.
Pornhub has issued a formal notification regarding a Pornhub Premium data incident it linked to a security breach at Mixpanel, a third-party data analytics vendor. The Pornhub incident, which occurred on December 12, 2025, affected a select group of Premium users.
According to the official statement, the Mixpanel data breach affected only specific analytics events, and sensitive user data security remains intact.
Was Pornhub Breached?
The company explicitly clarified that this was not a direct breach of Pornhub's internal infrastructure. The unauthorized access occurred within Mixpanel's environment, impacting historical analytics data.
This event appears to be part of a broader attack orchestrated by the ShinyHunters threat actor, which reportedly affected other major technology entities using Mixpanel’s services.
Third-Party Analytics Incident Impacts Premium Users
The company, which ceased its partnership with Mixpanel in 2021, said there is no evidence that passwords, payment details, or government identification documents were accessed or exposed.
On November 9, 2025, Mixpanel identified unauthorized access to its environment, leading to the export of a dataset containing OpenAI customer information due to a smishing (SMS phishing) campaign.
However, Mixpanel recently told BleepingComputer that it is aware of reports that Pornhub has been “extorted with data that was allegedly stolen” from Mixpanel, but it does not believe it came from the recent security incident.
"The data was last accessed by a legitimate employee account at Pornhub’s parent company in 2023. If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel," the company said.
ShinyHunters Extorts Pornhub
ShinyHunters confirmed to BleepingComputer that they were sending extortion emails to Pornhub, claiming the stolen data consists of 94GB of Premium members' information containing 201,211,943 records of personal details from the Mixpanel breach:
- Email address,
- Activity type,
- Location,
- Video URL,
- Video name,
- Keywords associated with the video,
- The time the event occurred.
Investigation and Cybersecurity Best Practices
In response to the disclosure, Pornhub immediately initiated an internal investigation. While the investigation proceeds, users are advised to adhere to cybersecurity best practices by remaining vigilant against suspicious emails or unusual account activity.
The ShinyHunters group (also part of the Scattered LAPSUS$ Hunters collective) has been linked to several major data breaches this year, including attacks on Salesforce integration companies, the Salesloft Drift attacks, and the GainSight breach.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular