News
Hackers say they’ve got Pornhub Premium data from an analytics breach
It includes registered email addresses, approximate location, and activity details like which videos users watched
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
A hacking group called Scattered Lapsus$ Hunters says it’s trying to extort Pornhub, after allegedly getting its hands on personal data belonging to Pornhub’s premium users.
Yes, that kind of personal data.
The hackers, who include members of the notorious ShinyHunters, claim the information came from a breach tied to Mixpanel.
This widely used analytics provider tracks what people do on websites and apps.
Pornhub confirmed on Friday that it was among several companies affected by an earlier Mixpanel breach, saying some “analytics events” tied to Pornhub Premium users were exposed.
That phrase, “analytics events,” sounds harmless until you see what it actually means.
According to reporting by Bleeping Computer, a sample of the stolen data includes registered email addresses, approximate location, and activity details like which videos users watched, the video titles, URLs, keywords, and even timestamps.
Mixpanel CEO Jen Taylor did not respond to requests for comment, and Pornhub declined to answer detailed questions, pointing instead to its public statement.
Meanwhile, a ShinyHunters spokesperson told TechCrunch that Pornhub is the only company they’ve contacted for extortion so far, though they wouldn’t say how many other companies were caught up in the breach.
Mixpanel disclosed the incident just before Thanksgiving, saying it discovered the breach on November 8 but didn’t name affected customers.
Later, OpenAI, along with CoinTracker and SwissBorg, confirmed they were impacted.
Mixpanel reportedly has around 8,000 customers, many with millions of users, so the blast radius could be huge.
The exact data exposed depends on how each company configured Mixpanel, which is designed to log user behavior, clicks, views, devices, networks, and more.
That same breach also hit SoundCloud, which said about 20% of its users were affected.
As for Scattered Lapsus$ Hunters, this isn’t their first rodeo. The group has been linked to major breaches this year involving Salesforce and Gainsight customers.
The takeaway? Sometimes the riskiest thing online isn’t what you click, it’s who’s quietly watching in the background.
Follow us on Flipboard, Google News, or Apple News
Gift Guide
KnowTechie’s holiday gift guide (2025)
Buying Guide
Here are the best STEM toys on the market today
