PornHub is facing an extortion threat after hackers allegedly linked to the ShinyHunters group stole the search and viewing history of its Premium users through a data breach involving the third-party analytics provider, Mixpanel.
Mixpanel, a product analytics platform used by many tech companies to understand user interaction, reported a smishing attack on November 8, 2025. However, the company initially downplayed the incident, claiming it impacted only a limited number of customers.
PornHub confirmed the incident in a public statement: “A recent cybersecurity incident involving Mixpanel, a third-party data analytics provider, has impacted some Pornhub Premium users. Specifically, this situation affects only select Premium users.” The company emphasized that this was not a breach of PornHub's own systems, and that passwords, payment details, and financial information remain secure and were not exposed. They noted they were informed of the breach by Mixpanel, similar to other companies like Google and ChatGPT affected by the same attack, despite not having worked with Mixpanel since 2021.
The exposure of Premium users’ search and viewing history poses serious privacy risks. This highly sensitive data could be used for blackmail, extortion, or reputational damage. Users may also face tailored phishing or social engineering attacks, identity theft, or long-term loss of anonymity if the information is leaked or resold.
BleepingComputer reports that this is the first public confirmation linking ShinyHunters to the Mixpanel-related data being used to extort PornHub. PornHub declined further comment beyond its security notice. Mixpanel, however, told BleepingComputer it does not believe the data originated from its November 2025 breach. Mixpanel claimed the data was last accessed by a legitimate PornHub parent company employee account in 2023 and was not stolen from their platform.
BleepingComputer also reported that ShinyHunters is extorting other Mixpanel customers, claiming to have stolen 94 GB of data, including over 200 million records. The group asserts the data includes PornHub Premium users’ historical search, watch, and download activity, with sensitive details such as emails, locations, and timestamps. ShinyHunters has confirmed authorship of the extortion campaign.
The ShinyHunters group has been linked to several major breaches in 2025, including an Oracle E-Business Suite zero-day, and attacks on Salesforce/Drift and GainSight. The group is also reportedly launching the ShinySpid3r ransomware-as-a-service platform.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
