- According to Pornhub, a Mixpanel compromise exposed some premium user data, but no password or payment information.
- Mixpanel denies November Pornhub data breach, while ShinyHunters claims responsibility
- The attackers reportedly had 94 GB of sensitive data sets, including emails, activity details and metadata views.
Adult entertainment site Pornhub has revealed that the data of some of its premium members has been compromised by a third-party attack on its supply chain.
In a data breach notice on the company’s website dated Dec. 12, Pornhub said anonymous threat actors had compromised Mixpanel, a third-party data analytics provider the company has not worked with since 2021.
There, hackers managed to obtain confidential data generated by the platform’s premium users. No passwords, login credentials, payment information or government identification documents were stolen, he added.
Hidden in plain sight
“As Google, ChatGPT and others were compromised in the same attack, Mixpanel notified us of this breach,” the company said. “Although we will no longer be working with Mixpanel from 2021, it is our responsibility to ensure that we inform you of this event.”
Pornhub did not provide additional details, such as the number of people affected by the breach, the type of information stolen or the identity of the attackers.
The company said it had launched an “in-depth internal investigation” and had involved the relevant authorities and Mixpanel. It urged users to “stay alert” to incoming emails, especially those claiming to be from Pornhub.
The bug mentioned by Pornhub, which also affected Google and ChatGPT, was discovered in November 2025 and the Mixpanel bug was attributed to the authors of the ShinyHunters ransomware.
But as Mixpanel noted, there are conflicting reports about the attack. BeepTeam It is not believed that any Pornhub data was stolen in this incident.
“Mixpanel is aware of reports that Pornhub is being blackmailed with stolen data,” Mixpanel told the paper. “We found no evidence that this data was stolen from Mixpanel during our November 2025 security incident or by any other means.”
“The data was last accessed from a legitimate employee account of Pornhub’s parent company in 2023. If this data is in the hands of an unauthorized person, we do not believe it is due to a security incident at Mixpanel.”
The same message also claims that ShinyHunters has confirmed that they are behind the breach. They claim to have stolen 94 GB of data containing over 200 million records. They shared an example that appeared to show that the stolen information was very sensitive and included email addresses, company type, location, video URL, video name, keywords associated with the videos, and the time the video was viewed.
