**PornHub Premium User Data Exposed in ShinyHunters Extortion Scheme Following Mixpanel Breach**
PornHub is facing extortion demands from the ShinyHunters cybercrime group after the search and watch history of its Premium members was stolen in a November 2025 breach of analytics vendor Mixpanel. The incident, disclosed by PornHub last week, stems from a November 8 smishing (SMS phishing) attack that compromised Mixpanel’s systems, exposing historical user activity data from 2021 or earlier.
PornHub confirmed that only select Premium users were affected, emphasizing that passwords, payment details, and financial information remained secure. The company ceased its partnership with Mixpanel in 2021, meaning the stolen records consist of older analytics data. Mixpanel described the breach as impacting a "limited number" of customers, though other affected companies, including OpenAI and CoinTracker, have also acknowledged exposure.
ShinyHunters, now confirmed as the group behind the Mixpanel breach, began extorting victims last week, threatening to publish stolen data unless ransoms were paid. In communications with PornHub, the group claimed to have exfiltrated 94GB of data containing over 200 million records, including email addresses, video URLs, search keywords, timestamps, and user activity logs (e.g., watch/download history and location data). A sample reviewed by BleepingComputer verified the sensitivity of the exposed information.
The breach adds to ShinyHunters’ prolific 2025 campaign, which includes high-profile attacks via compromised Salesforce integrations, exploitation of an Oracle E-Business Suite zero-day (CVE-2025-61884), and recent Salesforce/Drift-related breaches. The group is also developing ShinySpid3r, a ransomware-as-a-service platform linked to affiliates of the Scattered Spider threat actor collective. With this latest incident, ShinyHunters solidifies its role in some of the year’s most significant data breaches.
Aylo cybersecurity rating report: https://www.rankiteo.com/company/ayloservices
"id": "AYL1765836079",
"linkid": "ayloservices",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Premium members (select users)',
                        'industry': 'Adult Entertainment',
                        'name': 'PornHub',
                        'type': 'Company'},
                       {'customers_affected': 'Limited number of customers '
                                              '(including PornHub, OpenAI, '
                                              'CoinTracker)',
                        'industry': 'Data Analytics',
                        'name': 'Mixpanel',
                        'type': 'Third-party analytics provider'}],
 'attack_vector': 'Third-party breach (Mixpanel)',
 'customer_advisories': "Security notice posted on PornHub's website",
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '201,211,943',
                 'personally_identifiable_information': 'Email addresses, '
                                                        'activity history',
                 'sensitivity_of_data': 'High (personally identifiable '
                                        'activity data)',
                 'type_of_data_compromised': 'Search history, watch history, '
                                             'download activity, email '
                                             'addresses, video URLs, video '
                                             'names, keywords, timestamps, '
                                             'locations'},
 'date_detected': '2025-11-08',
 'description': 'Adult video platform PornHub is being extorted by the '
                'ShinyHunters extortion gang after the search and watch '
                'history of its Premium members was reportedly stolen in a '
                'recent Mixpanel data breach. The breach affected historical '
                'analytics data from 2021 or earlier, including sensitive '
                'information such as email addresses, activity types, '
                'locations, video URLs, video names, keywords, and timestamps.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive user data',
            'data_compromised': '94GB of data containing over 200 million '
                                'records',
            'identity_theft_risk': 'High (exposure of email addresses and '
                                   'activity history)',
            'payment_information_risk': 'None (payment details were not '
                                        'exposed)',
            'systems_affected': 'Mixpanel analytics platform'},
 'initial_access_broker': {'entry_point': 'Mixpanel (via SMS phishing)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion',
 'post_incident_analysis': {'root_causes': 'Third-party breach via SMS '
                                           'phishing attack on Mixpanel'},
 'references': [{'source': 'BleepingComputer'},
                {'source': 'PornHub Security Notice'}],
 'response': {'communication_strategy': "Security notice posted on PornHub's "
                                        'website'},
 'threat_actor': 'ShinyHunters',
 'title': "PornHub Premium Members' Search and Watch History Stolen in "
          'Mixpanel Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'SMS phishing (smishing) attack'}