Pornhub is contacting more than 200 million of its premium subscribers with an urgent warning: their personal data and search history on the adult content platform may have been stolen in a significant security incident.
Third-Party System Infiltrated by Hackers
The breach did not originate from Pornhub's own servers. Instead, cybercriminals targeted a third-party system the website uses to analyse traffic and user behaviour. According to reports from Bleeping Computer, the hackers infiltrated the analytics platform Mixpanel.
In an extortion demand sent to the company, the attackers claimed to possess a massive data set containing over 200 million entries. The alleged stolen information includes:
- Email addresses
- User locations
- Video titles viewed
- Search keywords used
- Types of activity performed
- Detailed timestamps
Pornhub's Response and User Reassurances
Pornhub has confirmed the unauthorised access in an official statement. "We recently learned that an unauthorised party gained unauthorised access to analytics data stored with Mixpanel, a third-party data analytics service provider," the company said.
The platform was keen to stress that this was not a breach of its own internal systems. It assured users that more sensitive credentials, such as passwords and government-issued identification documents, were not compromised or exposed in this incident.
The company stated that the unauthorised party was only able to extract "a limited set of analytics events for some users." Pornhub added that it has since secured the affected account and stopped the unauthorised access.
Scale and Implications of the Breach
The potential exposure affects the site's premium user base, who pay $14.99 per month for access to millions of videos, including over 100,000 exclusive premium videos not available to non-paying visitors.
The incident highlights the growing cybersecurity risks associated with third-party service providers, even for major online platforms. While core login details may be safe, the exposure of analytics data—which can reveal intimate details of a user's browsing habits and preferences—represents a serious privacy violation.
This is a developing story, and further updates are expected as the investigation continues.
