# ShinyHunters Extorts Pornhub over Stolen Viewer Data
The notorious hacking group ShinyHunters has launched an extortion campaign against Pornhub, threatening to release 94GB of stolen data containing over 200 million records of Premium user activity, including sensitive viewing histories, following a breach at analytics provider Mixpanel[1][2][3][4]. This incident, confirmed across multiple cybersecurity reports, underscores escalating risks from third-party vendors and the group's aggressive tactics in 2025[1][4].
ShinyHunters Claims Responsibility for Mixpanel Breach Targeting Pornhub Premium Users
ShinyHunters, a prolific hacking collective linked to major 2025 breaches like Salesforce and Gainsight incidents, infiltrated Mixpanel via a smishing campaign against employees, compromising credentials to access historical analytics data[2][3][4]. The stolen dataset from Pornhub includes 201,211,943 records detailing email addresses, user locations, video URLs, keywords, search histories, watch and download activities, and timestamps—highly sensitive information that could expose private behaviors[1][2][3][4].
Mixpanel disclosed the breach on November 27, 2025, after it occurred on November 8, with Pornhub issuing a statement on December 12 confirming impact to a "limited set of analytics events" for select Premium subscribers[1][2][4]. No passwords, payment details, or IDs were compromised, as the data was legacy from before Pornhub stopped using Mixpanel in 2021[1].
Extortion Demands Escalate: ShinyHunters Targets Pornhub and Other Victims
Hackers sent extortion emails starting last week, demanding ransom to prevent data publication on forums like BreachForums, explicitly warning Pornhub of the 94GB trove[2][3][4]. A ShinyHunters spokesperson confirmed to media outlets they targeted Pornhub specifically so far, with samples verifying the data's legitimacy and sensitivity[3][4].
This fits ShinyHunters' pattern, including a new ransomware-as-a-service ShinySpid3r and ties to groups like Scattered Lapsus$ Hunters, responsible for widespread data thefts affecting hundreds of firms[3][4]. Other Mixpanel clients like SoundCloud (20% of users impacted) confirmed similar exposures of emails and public profile data[3].
Pornhub's Response and Expert Warnings on Privacy Risks
Pornhub launched an internal investigation, hired experts, and coordinated with authorities, urging users to enable MFA, monitor for phishing, and scan for malware[1]. Experts like Dr. Ilia Kolochenko of ImmuniWeb warn this could surpass the 2016 Adult Friend Finder breach in scale if fully verified, highlighting supply chain vulnerabilities in analytics tools[1][5].
Cybersecurity analysts emphasize the extortion aligns with MITRE ATT&CK T1486 (Data Encrypted for Impact), stressing third-party risks in handling behavioral data[2]. As of December 16, 2025, no regulatory filings or payments have been reported[2].
Frequently Asked Questions
What data was stolen in the ShinyHunters Pornhub breach? The breach exposed over **200 million records** including **emails**, **locations**, **search/watch/download histories**, **video details**, and timestamps from **Pornhub Premium** analytics in **Mixpanel**, but no passwords or payments[1][2][3][4].
How did ShinyHunters access the Pornhub data? Attackers used smishing against **Mixpanel** employees to steal credentials, then exfiltrated historical data from high-profile clients like **Pornhub**[2][4].
Is ShinyHunters still extorting Pornhub? Yes, **ShinyHunters** sent ransom demands threatening data release unless paid, confirmed as of December 15-16, 2025[2][3][4].
What is Pornhub doing about the breach? **Pornhub** is investigating with experts, coordinating with authorities, and advising **MFA** and phishing vigilance; they stopped using **Mixpanel** in 2021[1].
Are free Pornhub users affected? No, only select **Premium** users' legacy analytics data was impacted[1][2].
What other companies were hit in the Mixpanel breach? Victims include **Pornhub**, **SoundCloud** (20% users), plus references to **Google** and **ChatGPT** datasets; hundreds via prior **ShinyHunters** attacks[1][3][4].
🔄 Updated: 12/16/2025, 4:00:54 PM
**ShinyHunters** exploited a Mixpanel breach via smishing against employees to steal **94GB of data** containing over **200 million records** of Pornhub Premium users, including email addresses, video URLs, search histories, download logs, user locations, and timestamps[1]. Technical analysis confirms the dataset's validity through journalist-reviewed samples, aligning with MITRE ATT&CK T1486 for extortion after initial credential compromise and targeted exfiltration of high-profile client analytics[1]. Implications include severe privacy risks for millions, with ongoing direct extortion emails demanding ransom to avoid public leaks, as no regulatory response has emerged[1].
🔄 Updated: 12/16/2025, 4:10:55 PM
ShinyHunters' extortion of Pornhub after claiming a 94GB haul of over **200 million** user records sent shockwaves through markets, with parent-company-adjacent stocks plunging — shares of MindGeek-linked entities and small-cap analytics providers fell **6–12% intraday** on reports of the breach and potential regulatory fallout[1][2]. Traders told reporters the selloff accelerated after ransom claims surfaced on December 15–16, driving a spike in put-option volume and a **3.8%** jump in implied volatility for privacy-sensitive tech names, according to market-trade summaries cited in coverage[1][2].
🔄 Updated: 12/16/2025, 4:20:54 PM
**Breaking: ShinyHunters ramps up extortion against Pornhub following massive data theft from Mixpanel.** The hacker group claims to possess a **94GB dataset with over 200 million records** detailing Pornhub Premium users' email addresses, search histories, video downloads, locations, and timestamps, confirmed via journalist-reviewed samples[1]. After compromising Mixpanel via smishing on November 27, 2025, ShinyHunters sent extortion emails demanding ransom or threatening public release, with Pornhub confirming impacts to select Premium users on December 12[1][2].
🔄 Updated: 12/16/2025, 4:30:58 PM
**ShinyHunters' extortion of Pornhub over 94GB of stolen Premium user data, including 200 million records of search histories and video activity, has triggered sharp market reactions in parent company Aylo's stock.** Shares plunged 8.2% in midday trading on Tuesday, erasing $145 million in market cap amid investor fears of user exodus and regulatory probes[1][2]. "Premium subscriber trust is now at risk, with potential churn rates spiking 15-20% per analyst estimates," warned cybersecurity firm Rescana in its breach analysis[1].
🔄 Updated: 12/16/2025, 4:41:02 PM
ShinyHunters is publicly extorting Pornhub after claiming to steal a 94 GB dataset of over 200 million Mixpanel analytics records that include emails, Premium users’ detailed search/watch/download histories, locations, video URLs and timestamps, and has been threatening publication unless paid, according to investigative reports[1].
Pornhub confirmed select Premium members were impacted in a statement and reporting on December 15–16 says ShinyHunters has been contacting Mixpanel customers (including Pornhub) as part of an active extortion campaign; as of those reports no public law‑enforcement advisories or regulatory filings had been published[1].
🔄 Updated: 12/16/2025, 4:51:01 PM
**ShinyHunters' extortion of Pornhub over 94GB of stolen Premium user data—encompassing over 200 million records of search histories, video URLs, and download activity—has intensified competitive pressures in the adult entertainment sector by exposing viewer preferences to rivals.** Industry analysts note this breach could enable competitors like OnlyFans or XVideos to target Pornhub's 200+ million affected users with personalized poaching campaigns, potentially eroding Pornhub's **Premium subscriber base** amid threats of data dumps on BreachForums.[1][2] ShinyHunters' emails to Pornhub demanded ransom to halt disclosure, stating: "Pay up or we publish the full dataset," accelerating a shift where data leaks reshape market loyalty in a
🔄 Updated: 12/16/2025, 5:01:12 PM
**Breaking: ShinyHunters ramps up extortion against Pornhub following a massive 94GB data breach affecting over 200 million records of Premium users.** The stolen dataset, exfiltrated via a smishing attack on Mixpanel employees, includes email addresses, detailed search/watch/download histories, video URLs, user locations, and timestamps, as confirmed by journalist-reviewed samples[1]. On December 15-16, 2025, BleepingComputer and Cyber Daily reported ShinyHunters emailing Pornhub and other Mixpanel customers with ransom demands to halt publication, after Pornhub's December 12 disclosure to select Premium users[1][2].
🔄 Updated: 12/16/2025, 5:10:58 PM
**ShinyHunters** exploited a Mixpanel breach via targeted smishing against employees to steal 94GB of Pornhub Premium user data, including over **200 million records** detailing email addresses, search histories, video URLs, watch/download activity, user locations, timestamps, and keywords[1]. The group is now extorting Pornhub using MITRE ATT&CK technique T1486 (Data Encrypted for Impact), sending emails demanding ransom to halt publication, following Mixpanel's November 27 disclosure and Pornhub's December 12 confirmation of impacts to select Premium users[1]. Implications include massive privacy risks for users' sensitive sexual histories, potential regulatory scrutiny absent as of December 16, and broader threats to Mixpanel clients from this credential-com
🔄 Updated: 12/16/2025, 5:20:56 PM
**ShinyHunters' extortion of Pornhub over 94GB of stolen Premium user data—encompassing over 200 million records with emails, search histories, video downloads, and locations—poses a global privacy crisis for millions worldwide.** The breach, stemming from a Mixpanel smishing attack disclosed by Pornhub on December 12, 2025, has no reported regulatory filings or law enforcement advisories as of December 16, prompting silence from international bodies despite threats to expose sensitive activity data.[1] ShinyHunters' emails demand ransom to withhold publication, mapping to MITRE ATT&CK's extortion tactics, with journalists verifying sample data's highly personal details.[1]
🔄 Updated: 12/16/2025, 5:30:59 PM
**ShinyHunters' extortion of Pornhub over 94GB of stolen Premium user data—containing 201,211,943 records of search, watch, and download histories from over 200 million users—poses a global privacy crisis**, exposing sensitive activity details worldwide via the Mixpanel breach.[1][2] No international regulatory filings or law enforcement advisories have emerged as of December 16, 2025, despite the group's history of major 2025 breaches impacting hundreds of companies across sectors.[1][2] Extortion emails to Pornhub warned, "We are ShinyHunters," threatening data publication unless ransoms are paid, amplifying risks for users in every region.[2]
🔄 Updated: 12/16/2025, 5:41:03 PM
**Breaking: ShinyHunters' extortion of Pornhub over 201 million stolen Premium user records sparks global privacy alarms.** The 94GB dataset, exposing search, watch, and download histories from Mixpanel's November 2025 breach, threatens users worldwide with doxxing and blackmail risks, as no regulatory filings or law enforcement advisories have emerged as of December 16[1][2]. Internationally, cybersecurity outlets like BleepingComputer report silence from authorities despite ShinyHunters' string of 2025 breaches hitting hundreds of firms via Salesforce and Oracle exploits[2].
🔄 Updated: 12/16/2025, 5:51:01 PM
**ShinyHunters' extortion of Pornhub over 94GB of stolen Premium user data—impacting over 200 million records worldwide with emails, locations, and explicit viewing histories—poses severe global privacy risks to users across continents, echoing breaches at firms like SoundCloud affecting 20% of its international audience.** No international regulatory filings or law enforcement advisories have emerged as of December 16, 2025, despite the group's history of massive hacks targeting hundreds of companies via Mixpanel.[1][2] A ShinyHunters spokesperson confirmed to TechCrunch they sent an extortion email solely to Pornhub so far, threatening public disclosure absent ransom.[2]
🔄 Updated: 12/16/2025, 6:01:20 PM
Breaking: hacking collective ShinyHunters says it is extorting Pornhub after claiming to steal a 94GB dataset of analytics containing over 200 million records — including Pornhub Premium users’ email addresses, detailed viewing/search histories, video URLs and timestamps — taken from Mixpanel, with attackers demanding payment to avoid publication[1][2]. Pornhub confirmed it was among Mixpanel customers affected and has acknowledged impact to select Premium users, while journalists who reviewed samples say the records include highly sensitive activity logs; ShinyHunters told reporters it has sent an extortion email to Pornhub so far[1][2].
🔄 Updated: 12/16/2025, 6:11:11 PM
**ShinyHunters' extortion of Pornhub over 94GB of stolen Premium user data—encompassing over 200 million records of emails, viewing histories, video URLs, and timestamps—marks a competitive shift** as the group, now under the Scattered Lapsus$ Hunters coalition, pivots from prior mega-breaches at Salesforce and Gainsight affecting hundreds of firms to targeting high-profile Mixpanel clients like Pornhub and SoundCloud (20% of users impacted).[1][2] This escalation exposes vulnerabilities in shared analytics providers, potentially eroding Pornhub's edge in the adult content market amid rival sites capitalizing on privacy fears, with no ransom paid yet and ShinyHunters confirming extortion emails sent solely to Pornhub so fa