In a significant cybersecurity breach, the adult video platform PornHub has fallen victim to extortion attempts from the ShinyHunters hacking group. This follows the reported theft of search and viewing history concerning PornHub’s Premium members, which stemmed from a recent compromise of analytics provider Mixpanel.
Last week, PornHub issued a statement revealing its involvement in a data breach associated with Mixpanel, which suffered a security incident on November 8, 2025. The breach was reportedly initiated through an SMS phishing (smishing) attack, enabling malicious actors to infiltrate Mixpanel’s systems.
A security notice from PornHub confirmed that the incident specifically impacts a select number of Premium users. Importantly, the notice clarified that this incident does not indicate a breach of PornHub’s own systems. According to the notice, sensitive data such as passwords, payment information, and financial details have not been compromised.
Further investigation by PornHub suggests that it has not engaged with Mixpanel since 2021, insinuating that the stolen data relates to analytics records from that year or earlier. Mixpanel has stated that the breach impacted a limited number of its customers, including organizations like OpenAI and CoinTracker, which have disclosed similar breaches.
ShinyHunters claims to have stolen a staggering 94GB of data, encompassing over 200 million records linked to personal activities of PornHub Premium members. They have corroborated to BleepingComputer that this data includes detailed records of user interactions on the platform, such as viewing, searching, and downloading activities.
Sample data provided by ShinyHunters revealed that the information is highly sensitive and could severely impact end-users. This includes email addresses, activity types, geographical locations, URLs of watched videos, associated keywords, and timestamps for each activity. The extortion group has indicated that this dataset also contains users’ search histories, elevating the risk of reputational damage and privacy violations.
The ShinyHunters group has gained notoriety this year for a series of data breaches by targeting Salesforce integration companies to access sensitive company data. They are believed to be behind various significant exploits, including the recent compromise of the Oracle E-Business Suite (CVE-2025-61884) and multiple Salesforce-related attacks that affected numerous organizations.
In light of the confirmed association with the Mixpanel breach, ShinyHunters is now tied to some of 2025’s most impactful data compromises, impacting multiple companies across various sectors. Additionally, the group is reportedly developing a new ransomware-as-a-service platform named ShinySpid3r to enhance their cybercriminal endeavors further.
For businesses, the incident underscores the ongoing threat posed by cyber adversaries utilizing techniques such as initial access through phishing and subsequent data exfiltration, aligning with MITRE ATT&CK tactics of initial access and data theft. As the landscape of cybersecurity threats evolves, vigilance and preparedness remain paramount for organizations of all sizes.
