Blog Details

Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the quest and observe history of its Premium members used to be reportedly stolen in a most traditional Mixpanel records breach.

Final week, PornHub disclosed that it used to be impacted by a most traditional breach at analytics provider Mixpanel. Mixpanel suffered a breach on November 8th, 2025, after an SMS phishing (smishing) assault enabled risk actors to compromise its systems.

“A recent cybersecurity incident involving Mixpanel, a third-party data analytics provider, has impacted some Pornhub Premium users,” reads a PornHub security observe posted on Friday.

“Specifically, this situation affects only select Premium users. It is important to note this was not a breach of Pornhub Premium’s systems. Passwords, payment details, and financial information remain secure and were not exposed.”

PornHub says it has no longer labored with Mixpanel since 2021, indicating the stolen data are historical analytics records from 2021 or earlier.

Mixpanel says the breach affected a “limited number” of purchasers, with OpenAI and CoinTracker previously disclosing they had been affected.

Right here is the first time it has been publicly confirmed that ShinyHunters used to be in the aid of the Mixpanel breach.

When contacting PornHub, the firm did no longer present extra commentary to BleepingComputer previous the safety observe.

After publishing our account, Mixpanel immediate BleepingComputer that it doesn’t mediate this records originated from the most traditional November breach.

“Mixpanel is aware of reports that Pornhub has been extorted with data that that was allegedly stolen from us,” Mixpanel immediate BleepingComputer.

“We can find no indication that this data was stolen from Mixpanel during our November 2025 security Incident or otherwise.”

“The data was last accessed by a legitimate employee account at Pornhub’s parent company in 2023. If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel.”

Digital forensics PornHub search and observe history uncovered

Recently, BleepingComputer realized that ShinyHunters began extorting Mixpanel possibilities final week, sending emails that began with “We are ShinyHunters” and warned that their stolen records would possibly per chance perhaps be revealed if a ransom used to be no longer paid.

In an extortion search records from sent to PornHub, ShinyHunters claims it stole 94GB of records containing over 200 million data of non-public records in the Mixpanel breach.

ShinyHunters later confirmed to BleepingComputer that they had been in the aid of the extortion emails, claiming the records includes 201,211,943 data of historical search, observe, and fetch recount for the platform’s Premium members.

A tiny pattern of records shared with BleepingComputer shows that the analytic events sent to Mixpanel have a well-organized quantity of light records that a member would no longer going desire publicly disclosed.

This records involves a PornHub Premium member’s electronic mail deal with, recount form, location, video URL, video determine, key phrases connected to the video, and the time the occasion came about.

Command sorts viewed by BleepingComputer contain whether or no longer the PornHub subscriber watched or downloaded a video or considered a channel. Alternatively, ShinyHunters additionally stated the events contain search histories.

The ShinyHunters extortion neighborhood has been in the aid of a string of records breaches this year by compromising a few Salesforce integration companies to originate access to Salesforce cases and steal firm records.

The risk neighborhood is linked to the exploitation of the Oracle E-Industry Suite zero-day (CVE-2025-61884), moreover to to Salesforce/Drift assaults that impacted a well-organized number of organizations earlier this year.

More recently ShinyHunters conducted a breach at GainSight that allowed the risk actors to steal extra Salesforce records from organizations.

With it now confirmed that ShinyHunters is additionally in the aid of the Mixpanel breach, the risk actors are to blame for a few of a truly necessary records breaches in 2025, impacting many of of companies.

ShinyHunters is additionally constructing a novel ransomware-as-a-service referred to as ShinySpid3r, which is ready to aid as a platform for them and risk actors connected to Scattered Spider to habits ransomware assaults.