Adult video platform PornHub says it is being extorted by the ShinyHunters gang after the search and watch history of some Premium members was reportedly stolen in a breach involving analytics vendor Mixpanel on Nov. 8, 2025.
PornHub posted a security notice saying the incident affected only select Premium users, that it was not a breach of PornHub Premium systems, and that passwords, payment details and financial information were not exposed. The company also said it has not worked with Mixpanel since 2021, indicating the records are historical.
Mixpanel, which said the breach affected a limited number of customers and has been disclosed by other firms, told the reporting outlet it can find no indication the data was stolen from Mixpanel during its November 2025 security incident. Mixpanel added that the data was last accessed by a legitimate employee account at Pornhub’s parent company in 2023 and said it does not believe the records originated from its November incident; more information is available on the vendor site.
The extortion gang began sending emails to Mixpanel customers last week and told PornHub it had stolen 94GB of data containing over 200 million records. ShinyHunters later told the reporting outlet it had 201,211,943 records of historical search, watch and download activity for Premium members. A small sample reviewed by the reporting outlet showed analytic events that included email addresses, activity type, location, video URLs and names, keywords and timestamps.
ShinyHunters has been linked to a string of breaches this year, including compromises of Salesforce integration companies, thefts tied to an Oracle E-Business Suite zero-day, a Gainsight breach and claims of large Salesforce dataset thefts. The group has also announced a ransomware-as-a-service offering called ShinySpid3r and been associated with actors linked to Scattered Spider.