The popular adult entertainment website Pornhub is in the midst of a major cybersecurity crisis, notifying more than 200 million premium users that their data may have been compromised in a security breach. The incident, which involves a third-party analytics provider, has raised significant concerns over user privacy.
Details of the Security Breach
According to a statement from Pornhub, the breach originated with Mixpanel, a third-party data analytics provider the site previously used to analyze traffic. The company confirmed that a "recent cybersecurity incident" at Mixpanel impacted some Pornhub Premium users. The hackers potentially gained access to limited records detailing how users interacted with the platform.
Pornhub was quick to reassure users that core security measures remained intact. Passwords, payment details, and financial information were not exposed in the attack, according to the company's announcement. The website, which is owned by Ottawa-based private equity firm Ethical Capital Partners, stated it has since secured the affected accounts and stopped the unauthorized access.
Extent of the Stolen Data and Ransom Demand
Despite Pornhub's assurances, the cybercriminals behind the attack claim to possess a far more extensive trove of information. In an extortion demand sent to the company, the hackers alleged they have a massive dataset containing over 200 million entries. This data reportedly includes:
- User email addresses
- Geographic locations
- Video titles viewed
- Search keywords used
- Activity types and timestamps
The cybercrime group ShinyHunters has claimed responsibility for the intrusion. In an online chat with Reuters, the group stated, "We're demanding a ransom payment in bitcoin to prevent the publication of (Pornhub) data and delete the data." The breach was first reported by technology news outlet BleepingComputer.
Timeline and Company Responses
An important detail that limits the scope of the breach is Pornhub's timeline with Mixpanel. The adult website confirmed it has not worked with Mixpanel since 2023. This means any stolen analytics records are from that year or earlier, potentially limiting the freshness of the exposed data.
Mixpanel's CEO, Jen Taylor, issued a separate statement regarding the incident. "We took comprehensive steps to contain and eradicate unauthorized access and secure impacted user accounts," Taylor said. "We engaged external cybersecurity partners to remediate and respond to the incident." However, Mixpanel told BleepingComputer it could not verify that the Pornhub data being circulated by hackers came from the November security incident.
Pornhub Premium, which costs users $14.99 per month, offers access to millions of videos, including over 100,000 premium videos not available to non-paying users. The company, formerly under parent company MindGeek, was acquired by Ethical Capital Partners in 2023.
