In a significant cybersecurity incident, hackers have successfully accessed the private viewing habits and search histories of premium users on Pornhub, one of the world's most visited adult websites.
Scope and Source of the Breach
The attack, first reported by the website BleepingComputer, is believed to have compromised a staggering 201 million data records. This trove of information includes email addresses, specific search queries, video viewing activity, and the geographical locations linked to Pornhub Premium accounts. The pornography giant, which claims over 100 million daily visits globally, stated the breach originated not from its own systems but from a third-party analytics provider.
Pornhub clarified that the incident resulted from an attack on Mixpanel, a company it previously used for data analytics. The firm emphasised it ceased working with Mixpanel in 2021, indicating the stolen data is historical and not recent. "It is important to note this was not a breach of Pornhub Premium’s systems. Passwords, payment details, and financial information remain secure and were not exposed," the company said in an official statement.
The Hackers and Their Demands
The cyber-attack has been attributed to a western-based group known as ShinyHunters. According to cybersecurity experts at Sophos, this group is typically composed of native English speakers in their late teens to early twenties and is part of a broader cybercriminal network called The Com (The Community).
Reports indicate that ShinyHunters has made an extortion demand to the Canadian-owned website. The Reuters news agency communicated with a member of the group via an online chat, who was reportedly demanding a bitcoin payment to prevent the publication and to delete the stolen data. The specific data extracted includes detailed analytics such as video URLs, video titles, associated keywords, and timestamps of user activity.
Reactions and Current Status
Mixpanel, the analytics firm at the centre of the incident, stated it was "aware" of the alleged data theft but claimed it had found no evidence linking it to a cyber-attack on its business last month. Meanwhile, cybersecurity firm Sophos told The Guardian that, as of now, there is no evidence of the Pornhub data being released on dedicated leak sites or on online platforms associated with ShinyHunters.
This breach highlights the persistent risks to user privacy in the digital age, especially when sensitive data is shared with third-party service providers. While financial data appears safe, the exposure of intimate viewing preferences and search histories represents a profound violation of privacy for the "select" number of premium users affected. Both Pornhub and Mixpanel have been approached for further comment on the developing situation.
