A large-scale leak of paid members' personal data and detailed viewing histories occurred on the adult site Pornhub. A hacker group claimed it had obtained information on more than 200 million premium accounts and began extorting money by demanding bitcoin and other payments.
On the 16th (local time), foreign media including the Daily Mail reported that Pornhub had notified more than 200 million paid members of a security breach. The incident began when the system of Mixpanel, a third-party firm that Pornhub used for user analytics, was hacked.
The hackers accessed data stored on the platform and stole granular activity records of paid members, including email addresses, location information, titles of videos watched, search keywords, and login times. The hackers said the stolen data amounts to about 94GB and includes more than 200 million individual records.
Pornhub said in an official statement, "We recently became aware that an unauthorized party gained unauthorized access to analytical data stored with Mixpanel, a third-party data analytics service provider," adding, "Through the unauthorized access, a limited set of analytical events for some users could be extracted."
However, Pornhub stressed that the incident was not a direct breach of its internal systems. It added that sensitive core account information such as passwords, login credentials, payment information, and IDs was not leaked, that it secured the relevant accounts, and that it blocked unauthorized access. It also said that because it has not worked with Mixpanel since 2023, the leaked records are likely historical data from before 2023.
The well-known hacker group ShinyHunters has been identified as being behind the attack. The group has a history of data-leak extortion against multiple global companies. Mixpanel CEO Jen Taylor said, "We have taken comprehensive measures to block unauthorized access and protect affected user accounts," adding, "We are working with external cybersecurity partners to respond to the incident."
Pornhub has notified authorities while conducting an internal investigation. In an official statement, the company urged users to stay vigilant, saying, "While the investigation is ongoing, all users should monitor their accounts for suspicious emails or unusual activity," and it warned about phishing attacks.