Major Data Breach Hits Pornhub Premium Users
In a significant cybersecurity incident, the notorious hacking group ShinyHunters has claimed responsibility for stealing approximately 200 million records containing sensitive user data from adult entertainment giant Pornhub. The breach specifically targets premium subscribers who pay for ad-free, high-resolution content on one of the world's most visited websites.
The stolen data, totaling 94GB according to cybersecurity experts, includes detailed viewing histories, search patterns, email addresses, geographic locations, and activity timestamps from premium users. While passwords and payment information appear to remain secure, the exposed behavioral data reveals intimate details about users' viewing habits and preferences.
Extortion Demands and Ransom Threats
ShinyHunters is demanding a Bitcoin ransom from Pornhub's parent company, Aylo (formerly MindGeek), threatening to publish the stolen data if their demands aren't met. 'We have the complete viewing histories and search patterns of millions of premium users,' a representative of the hacking group told Reuters. 'If the ransom isn't paid, this data will be made public, exposing users' most private viewing habits.'
The breach reportedly occurred through a compromise at analytics vendor Mixpanel, which Pornhub uses to track user behavior. According to Bleeping Computer, the initial attack happened on November 8, 2025, via an SMS phishing (smishing) campaign targeting Mixpanel employees.
Conflicting Accounts of the Breach
There's significant disagreement about how the data was obtained. Mixpanel has publicly denied responsibility, stating that the data in question was last accessed legitimately by an Aylo employee in 2023. 'We find no evidence that this data was stolen during our November security incident,' a Mixpanel spokesperson told The Register.
However, cybersecurity researchers examining the stolen data confirm its authenticity. Several users contacted by Reuters verified that the exposed information matched their premium subscription details, though they noted the data appeared to be several years old.
ShinyHunters: A Notorious Cybercrime Group
ShinyHunters first gained notoriety in 2020 and has been responsible for numerous high-profile breaches. According to Wikipedia, the group has targeted major corporations including Microsoft, AT&T, Santander, and Wattpad, typically demanding ransoms to prevent data leaks.
In 2025, the group has been particularly active, merging with another cybercrime organization called Scattered Spider and developing more sophisticated attack methods. 'ShinyHunters has evolved from simple credential theft to complex social engineering attacks,' explains cybersecurity analyst Maria Rodriguez. 'Their collaboration with Scattered Spider represents a dangerous escalation in their capabilities.'
Potential Impact on Users
The breach poses significant risks for affected users beyond simple embarrassment. Security experts warn that the detailed behavioral data could be used for targeted blackmail, sophisticated phishing campaigns, or identity theft.
'This isn't just about viewing preferences,' says privacy advocate James Wilson. 'The data includes timestamps, locations, and specific search terms that could be used to identify individuals or target them with extortion attempts. People need to be extremely cautious about any communications claiming to know about their viewing habits.'
Pornhub, which receives approximately 36 billion visits annually according to company statistics, has faced previous controversies but this represents one of its most significant security incidents. The company's parent organization, Ethical Capital Partners, acknowledged a security incident last week but hasn't commented specifically on the extortion demands.
Broader Implications for Digital Privacy
This incident highlights growing concerns about third-party analytics providers and the massive amounts of behavioral data they collect. Mixpanel serves approximately 8,000 corporate clients, and its November breach potentially exposed data across multiple platforms.
'The Pornhub breach is just the tip of the iceberg,' warns cybersecurity researcher Dr. Alan Chen. 'Analytics companies collect incredibly detailed behavioral data, and when they're compromised, the fallout affects millions of users across multiple platforms. This should serve as a wake-up call about the privacy risks of behavioral tracking.'
As the situation develops, affected users are advised to monitor their accounts for suspicious activity, be wary of phishing attempts referencing their viewing history, and consider using privacy-focused browsers or VPNs for sensitive online activities.