ShinyHunters demand Bitcoin ransom after allegedly stealing user data from third-party analytics firm.
A hacking group claims they’ve gotten their hands on a truly massive pile of data from Pornhub’s premium subscribers. We’re talking over 200 million records here. And this isn’t just usernames either. We’re looking at emails, what people watched, when they watched it, and roughly where they were when they did.
To put this in perspective, Pornhub pulls in around 100 million visits every single day. It’s one of the most trafficked sites on the entire internet. That means millions of people are probably sitting at home right now wondering if their viewing history is about to become public knowledge.
The hackers behind this are apparently ShinyHunters, a crew that’s shown up in a bunch of major data thefts before. According to early reports the dataset specifically targets premium users, meaning the people who are actually paying for accounts.
Naturally, there was a ransom demand involved. Pornhub’s parent company got hit up for payment, and Reuters even spoke with someone claiming to be from ShinyHunters who wanted bitcoin in exchange for not dumping the data online.
Now here’s where things get interesting: Pornhub says this wasn’t actually a breach of their own systems. According to them, the data came from Mixpanel, a third party analytics company they used to work with for tracking user behavior. They cut ties with Mixpanel back in 2021, which means this data is at least a few years old at this point.
Pornhub has been pretty clear that passwords, payment info, and financial data weren’t part of what got taken. They’re calling it analytics data only, stuff like which videos people clicked on, search terms they used, and timestamps.
Mixpanel has acknowledged they’re aware of the situation but says they haven’t found any connection to a security incident they dealt with last month.
The good news, if there is any: cybersecurity firm Sophos says the data hasn’t shown up on the usual leak sites or dark web forums where ShinyHunters typically dumps stolen info to squeeze victims.
Sophos also shared some background on who these people likely are. Mostly English speaking hackers in their late teens or early twenties, part of a broader cybercrime network called “The Com.” That same group has ties to Scattered Spider, another hacking outfit that’s gone after big retailers like M&S and Harrods.
Bottom line? Even though Pornhub’s own systems weren’t directly hacked, this whole situation shows just how risky it is when third party services collect tons of user behavior data. Your information can end up exposed even when the main platform itself stays completely secure.
