Overview

Adult content platform PornHub is reportedly being extorted by the ransomware/extortion gang ShinyHunters after hackers claimed to have stolen premium member browsing and activity data linked to the site. The breach stems from a third-party analytics provider compromise, and the attackers are threatening to publish the information unless a ransom is paid.

Key Facts of the Incident

What Happened

According to information obtained by BleepingComputer and multiple cybersecurity outlets, the cybercriminal group known as ShinyHunters claims to have exfiltrated 94 GB of data — representing more than 201 million records tied to PornHub Premium members’ search and viewing activities. This dataset allegedly includes email addresses, location data, search queries, video URLs and titles, download history, and precise timestamps.

PornHub issued a security notice confirming it was impacted by a third-party breach at analytics provider Mixpanel, although the company emphasized that its own systems were not directly breached and that passwords, payment details and financial data remain secure. The platform also stated that it ceased working with Mixpanel in 2021, suggesting the exposed information may be historical.

ShinyHunters has reportedly begun sending extortion emails to several affected organizations including PornHub, warning that the stolen data will be published publicly if a ransom demand is not met. This marks another high-profile extortion campaign from a group responsible for multiple data thefts targeting tech companies and analytics platforms this year.

Immediate Risk & Impact

• Highly Sensitive Behaviour Data – The stolen dataset offers deep visibility into individual users’ search and viewing behavior, which, if published or misused, could lead to privacy violations, doxxing, blackmail or sextortion scams.

• Third-Party Risk Exposure – The incident exposes the ongoing security risks tied to third-party vendors and data providers, even when core services are not compromised.

• Conflicting Source Attribution – Mixpanel has responded to the claims, stating it cannot confirm that the data originated from its recent security incident, noting that the last legitimate access was by a PornHub parent-company employee in 2023. This discrepancy highlights ongoing uncertainty in how the data was obtained.

What Users and Organizations Should Do

1. Monitor for Sextortion & Phishing – Individuals whose email addresses may be included should remain vigilant for phishing or sextortion attempts.

2. Review Third-Party Data Retention – Organizations must audit and reduce reliance on third-party data storage where feasible, and enforce strict vendor security policies.

3. Strengthen Incident Response – Rapid breach detection and response procedures can help identify and mitigate downstream impacts of supply-chain compromises.

Why This Matters

The PornHub extortion incident highlights a growing trend in data breaches intersecting with extortion and privacy-sensitive information — where attackers leverage old or peripheral data stores for maximum reputational impact. As digital privacy concerns escalate, organizations must treat analytics and third-party integrations as critical parts of their threat surface, enforce stringent security governance, and prepare for extortion-based exploitation tactics that capitalize on exposed personal behavior data.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.