- Pornhub says a Mixpanel compromise exposed some Premium user data, but not passwords or payment information
- Mixpanel disputes that their November breakup leaked Pornhub data, while ShinyHunters claims responsibility
- Attackers reportedly have 94 GB of sensitive records, including emails, activity details and view metadata
Adult site Pornhub has revealed that some of its Premium members had their data compromised as part of a third-party supply chain attack.
In a data breach notification letter published on the company’s website dated December 12, Pornhub explained that unnamed threat actors compromised Mixpanel, a third-party data analytics provider that the company has not worked with since 2021.
There, the hackers succeeded in obtaining some sensitive data generated by the platform’s Premium users. No passwords, credentials, payment information or public IDs were taken, it stressed.
Hiding in plain sight
“Like Google, ChatGPT and others that were compromised as part of the same attack, Mixpanel informed us of this breach,” it said. “Although we have not worked with Mixpanel since 2021, it is our responsibility to ensure that we inform you of this event.”
Pornhub did not share any further details, such as the number of people affected by the breach, the nature of the information stolen or the identity of the attackers.
The company said it launched a “comprehensive internal investigation”, involving relevant authorities as well as Mixpanel. It urged users to “remain wary” of incoming email messages, especially those claiming to be from Pornhub.
The breach Pornhub refers to – which also affected Google and ChatGPT – was disclosed in November 2025, with the Mixpanel breach attributed to ransomware actors ShinyHunters.
However, there are conflicting reports surrounding the attack, as reported by Mixpanel for example Bleeping Computer it does not believe Pornhub data was snagged during the incident in question.
“Mixpanel is aware of reports that Pornhub has been blackmailed with data allegedly stolen from us,” Mixpanel told the publication. “We can find no evidence that this data was stolen from Mixpanel during our November 2025 security incident or otherwise.”
“The data was last accessed by a legitimate employee account at Pornhub’s parent company in 2023. If this data is in the hands of an unauthorized party, we do not believe it is the result of a security incident at Mixpanel.”
The same publication also said ShinyHunters confirmed being behind the breach. They claim to have stolen 94 GB of data and have more than 200 million records. They shared a sample that apparently proves the information they stole was very sensitive, including email addresses, activity type, location, video URL, video names, keywords associated with videos, and the time the video was viewed.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
