A notorious hacking group known as ShinyHunters says it has stolen personal data belonging to premium users of Pornhub and is threatening to publish the information unless a ransom is paid in Bitcoin, according to statements made by the group to Reuters.
The alleged breach involves customers of Pornhub’s paid subscription service. While the full scope and scale of the incident remain unclear, the hackers shared a sample of the data, portions of which Reuters was able to partially authenticate.
Victims Confirm Authenticity of Data
At least three former Pornhub premium customers — two men in Canada and one in the United States — confirmed to Reuters that the personal information shown in the hackers’ sample data was authentic. The individuals said the information appeared to be several years old and spoke on condition of anonymity due to the sensitive nature of the issue.
ShinyHunters told Reuters that it is demanding a ransom payment in Bitcoin to prevent publication of the data and to permanently delete the stolen information.
Pornhub and Owner Silent on Allegations
Pornhub and its corporate owner, Ethical Capital Partners, did not respond to requests for comment. Ethical Capital Partners is based in Ottawa, Canada, and acquired Pornhub’s parent company in 2023.
The alleged breach was first reported by cybersecurity news outlet Bleeping Computer.
Pornhub is one of the world’s most visited websites, reporting more than 100 million daily visits and approximately 36 billion visits per year, according to company figures. Its premium service offers ad-free viewing, high-definition content, and virtual reality features.
Links to Earlier Data Breaches
ShinyHunters said the data it obtained covered at least 14 premium users. Reuters was able to match details for six individuals in the sample to information previously leaked in older breaches and preserved by the dark web intelligence firm District 4 Labs.
Three of those individuals confirmed they had previously subscribed to Pornhub’s premium service.
It remains unclear how the hackers accessed the data. ShinyHunters declined to provide technical details about the breach.
Mixpanel Incident Raises Questions
In a statement issued on December 12, Pornhub disclosed what it described as a recent cybersecurity incident involving third-party analytics provider Mixpanel. Pornhub said the incident affected an undisclosed number of premium users and occurred within Mixpanel’s environment, involving a limited set of analytics events.
Mixpanel separately disclosed a security incident on November 27. However, the company denied any link between that incident and the data claimed by ShinyHunters.
Mixpanel said the last access to Pornhub-related data in its systems occurred in 2023 by a legitimate employee account at Pornhub’s parent company. If the data is now held by unauthorized parties, Mixpanel said it does not believe the exposure resulted from its November incident.
ShinyHunters disputed that claim, telling Reuters that the data was connected to the Mixpanel breach. Mixpanel rejected the assertion, saying an investigation conducted with external cybersecurity experts found no evidence that Pornhub was among the affected clients.
ShinyHunters’ Track Record
ShinyHunters is a well-known hacking collective linked to multiple high-profile data thefts and extortion attempts. In recent months, the group has claimed responsibility for breaches involving customers of enterprise software firms such as Salesforce and luxury retailers in the United Kingdom.
The group typically combines data theft with extortion threats, pressuring companies to pay ransoms to avoid public exposure of sensitive customer information.
Broader Implications for Online Privacy
The incident highlights ongoing concerns about data security, especially for platforms handling sensitive user information. Even when data is several years old, exposure can pose serious risks to privacy, reputational harm, and personal safety.
As investigations continue, the case underscores the growing pressure on digital platforms and their third-party service providers to strengthen data protection and transparency around cybersecurity incidents.
