- Pornhub says a Mixpanel compromise exposed some Premium user data, though not passwords or payment information
- Mixpanel denies its November breach leaked Pornhub data, while ShinyHunters claims responsibility
- The attackers allegedly possess 94GB of sensitive logs, including emails, activity details, and viewing metadata.
Adult website Pornhub has revealed that some of its Premium members had their data compromised as part of a third-party supply chain attack.
In a data breach notification letter posted on the company’s website dated December 12, Pornhub explained that anonymous threat actors compromised Mixpanel, a third-party data analytics provider that the company has not worked with since 2021.
There, hackers managed to obtain some sensitive data generated by the platform’s Premium users. No passwords, credentials, payment details or government IDs were taken, he emphasized.
Hidden in plain sight
“Like Google, ChatGPT, and others who were compromised as part of the same attack, Mixpanel informed us of this breach,” he said. “Although we have not worked with Mixpanel since 2021, it is our responsibility to ensure we inform you of this event.”
Pornhub did not share any additional details, such as the number of people affected by the breach, the nature of the information stolen, or the identity of the attackers.
The company said it launched a “thorough internal investigation,” involving relevant authorities as well as Mixpanel. It urged users to “stay alert” to incoming emails, especially those claiming to come from Pornhub.
The breach Pornhub refers to, which also affected Google and ChatGPT, was revealed in November 2025, and the Mixpanel breach was attributed to ransomware actors ShinyHunters.
However, there are conflicting reports surrounding the attack, as Mixpanel said for example. beepcomputer does not believe data was stolen from Pornhub during that particular incident.
“Mixpanel is aware of reports that Pornhub has been extorted with data that was allegedly stolen from us,” Mixpanel told the publication. “We cannot find any indication that this data was stolen from Mixpanel during our November 2025 security incident or otherwise.”
“The data was last accessed from a legitimate employee account at Pornhub’s parent company in 2023. If this data is in the hands of an unauthorized party, we do not believe it is the result of a security incident at Mixpanel.”
The same publication also said that ShinyHunters confirmed being behind the breach. They claim to have stolen 94 GB of data and more than 200 million records. They shared a sample that apparently demonstrates that the information they stole was highly sensitive and includes email addresses, activity type, location, video URL, video names, keywords associated with the videos, and the time the video was viewed.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
