The notorious hacking collective ShinyHunters has claimed responsibility for a major data breach at Mixpanel, a popular analytics provider, exposing limited user data tied to Pornhub Premium accounts.
The incident, which has only affected select Premium subscribers, has raised concerns within the cybersecurity community. Although Pornhub emphasizes that this was not a direct breach of its systems, the situation highlights the risks associated with third-party vendors managing sensitive analytics data.
ShinyHunters, known for high-profile leaks such as the LinkedIn data dumps, publicly claimed responsibility for the Mixpanel breach on BreachForums.
They advertised “fresh Pornhub Premium user analytics” among datasets from victims like Google and ChatGPT. Security researchers confirmed the group’s post aligns with Mixpanel’s internal notification to clients.
PornHub Breached by ShinyHunters
Pornhub’s official statement clarifies the scope: the breach occurred entirely within Mixpanel’s environment, involving a “limited set of analytics events” for some Premium users.
Crucially, no passwords, credentials, payment details, or government IDs were compromised. Pornhub ceased using Mixpanel in 2021, but legacy user-interaction data, such as session logs or behavioral metrics, may have been scraped.
| Affected Data | Status | Risk Level |
|---|---|---|
| Analytics events (e.g., session data) | Exposed (limited users) | Low |
| Passwords/credentials | Not exposed | None |
| Payment/financial info | Not exposed | None |
| Government IDs | Not exposed | None |
Pornhub launched an internal probe immediately upon Mixpanel’s alert, enlisting cybersecurity experts and coordinating with authorities. “We are working diligently to determine the nature and scope,” the company stated, committing to “best practices in cybersecurity and international privacy standards.”
Users are urged to monitor accounts for phishing or odd activity. Enable multi-factor authentication (MFA) and scan for malware, experts advise. Pornhub reiterated: protecting its community remains the top priority.
This event echoes supply-chain vulnerabilities seen in SolarWinds and MOVEit attacks. Mixpanel’s breach highlights how dormant vendor ties can resurface risks years later. As ShinyHunters peddles the data, affected users should check Have I Been Pwned for updates.
Avoid responding to phishing emails claiming to be from Pornhub. No password resets are required at this time, as login credentials were not affected.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
