Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity
Hackers tied to ShinyHunters extort PornHub after stealing search and viewing history of Premium users in a Mixpanel data breach.
PornHub faces extortion after hackers linked to ShinyHunters allegedly stole search and viewing history of Premium users via a Mixpanel data breach. The analytics provider, Mixpanel, reported a smishing attack detected on November 8, but attempted to downplay the security breach by saying that it impacted a limited number of customers. BleepingComputer reports that this is the first public confirmation linking ShinyHunters to the Mixpanel-related data used to extort PornHub, and ShinyHunters has confirmed authorship of the extortion campaign.
A recent cybersecurity incident involving Mixpanel, a third-party data analytics provider, has impacted some Pornhub Premium users. Specifically, this situation affects only select Premium users. It is important to note this was not a breach of Pornhub Premium’s systems. Passwords, payment details, and financial information remain secure and were not exposed. The company further stated, “The incident occurred within our analytics vendor Mixpanel’s environment and involved a limited set of analytics events for some users. This was not a breach of Pornhub Premium’s systems. No passwords, credentials, payment details or government IDs were compromised or exposed. Like Google, ChatGPT, and others who were compromised as a part of the same attack, Mixpanel informed us of this breach. Although we have not worked with Mixpanel since 2021, it is our responsibility to ensure we inform you of this event.”
Mixpanel, however, told BleepingComputer it does not believe the data came from its November 2025 breach, stating the data was last accessed by a legitimate Pornhub parent company employee account in 2023 and not stolen from Mixpanel.
Exposure of PornHub Premium users’ search and viewing history poses serious privacy and security risks. Such data can be used for blackmail, extortion, or reputational damage, especially given its sensitive nature. Users may also face phishing or social engineering attacks tailored to their interests, identity theft if linked to emails or locations, and long-term loss of anonymity if the information is leaked or resold. BleepingComputer also reports that ShinyHunters is extorting Mixpanel customers, claiming to have stolen 94GB of data, including over 200 million records. The group says the data covers PornHub Premium users’ historical search, watch, and download activity, containing highly sensitive details such as emails, locations, video metadata, and timestamps. ShinyHunters has been linked to major 2025 breaches, including an Oracle E-Business Suite zero-day, Salesforce/Drift and GainSight attacks, the Mixpanel breach, and is launching the ShinySpid3r ransomware-as-a-service platform.
To read the complete article see: here.