top of page
perceptive_background_267k.jpg

PornHub extorted after hackers steal Premium member activity data

Published:

15 December 2025 at 21:27:07

Alert date:

16 December 2025 at 06:01:33

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Data Breach & Exfiltration, Supply Chain & Dependencies

Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after hackers allegedly stole Premium member activity data including search and watch history. The breach reportedly occurred through a Mixpanel data breach, compromising sensitive user information. ShinyHunters is demanding ransom payment in exchange for not releasing the stolen Premium member data publicly.

Technical details

ShinyHunters extortion gang breached Mixpanel analytics vendor on November 8th, 2025 via SMS phishing (smishing) attack. They claim to have stolen 94GB of data containing over 200 million records (201,211,943 records) of historical PornHub Premium member data from 2021 or earlier. The stolen data includes email addresses, activity types (watched/downloaded videos, viewed channels), location data, video URLs, video names, keywords, search histories, and timestamps. The breach affected multiple Mixpanel customers including OpenAI and CoinTracker. Mixpanel disputes the data originated from their November 2025 breach, stating the data was last accessed by a legitimate PornHub parent company employee account in 2023.

Mitigation steps:

PornHub states that passwords, payment details, and financial information were not exposed and remain secure. Users should monitor for any suspicious activity related to their accounts. Organizations using Mixpanel or similar analytics vendors should review their data sharing agreements and consider what sensitive data is being transmitted to third-party services.

Affected products:

PornHub Premium
Mixpanel analytics platform
OpenAI API
CoinTracker
Salesforce
GainSight
Oracle E-Business Suite

Related links:

https://www.bleepingcomputer.com/news/security/openai-discloses-api-customer-data-breach-via-mixpanel-vendor-hack/
https://help.pornhub.com/hc/en-us/articles/47334442459283-Important-Message-From-Pornhub
https://mixpanel.com/blog/sms-security-incident/
https://www.bleepingcomputer.com/news/security/oracle-silently-fixes-zero-day-exploit-leaked-by-shinyhunters/
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/
https://www.bleepingcomputer.com/news/security/shinyhunters-starts-leaking-data-stolen-in-salesforce-attacks/
https://www.bleepingcomputer.com/news/security/salesforce-investigates-customer-data-theft-via-gainsight-breach/
https://www.bleepingcomputer.com/news/security/meet-shinysp1d3r-new-ransomware-as-a-service-created-by-shinyhunters/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page