The infamous hacking group ShinyHunters have struck again, this time stealing a massive amount of user data from popular adult video platform Pornhub. It appears, according to recent reporting from Bleeping Computer, that the group is attempting to extort the site for a Bitcoin ransom. Otherwise, they will publish 94GB worth of data containing over 200 million records.
According to ShinyHunters, the records contain extensive data on Premium members including email addresses, activity type, location, video URL, video name, keywords associated with the video and the time the event occurred. Activity types include whether the subscriber watched or downloaded a video, or viewed a channel and events include search histories.
This data breach is related to a November breach of Mixpanel, a data analytics vendor that serves Pornhub (as well as several other platforms including Salesforce). That November breach occurred after a smishing attack gave threat actors access to its systems. Mixpanel has said it does not believe that the data from the Pornhub breach originated from its November attack stating that “we can find no indication that this data was stolen from Mixpanel during our November 2025 security incident or otherwise.”
Pornhub has not worked with Mixpanel since 2021, which means that the stolen data would be from that year or earlier. Reuters, who contacted some Pornhub customers to confirm the breach, was able to authenticate that the user data that pertained to those customers was accurate – but was several years old which would be consistent with the Mixpanel data.
Pornhub claims more than 100 million daily visits, and 36 billion visits per year. In their security notice, they clarify that “This was not a breach of Pornhub Premium’s systems. Passwords, payment details, and financial information remain secure and were not exposed.”
How to stay safe after a data breach
This isn't the first large scale data breach, and it certainly won't be the last. As with other data breaches or data leaks, you'll need to perform a full security overhaul.
First, you'll want to make sure that your passwords are all updated, particularly for any accounts involved in the breach. In this case, that would be a Pornhub account, as well as any payment or email accounts associated with it. Using one of the best password manager to generate and then store new, secure passwords for you will certainly make this easier.
The next most important step is to watch out for phishing attempts and social engineering attacks. Be on high alert for texts, emails or even phone calls trying to get you to give out personal information or pressuring you to click on a link, download an attachment or app or go to a website.
This is also a good time to sign up for one of the best identity theft protection services. These services watch out for your personal information online ahead of time before an issue occurs. And when you go online there are other ways to protect your privacy and stay safe too, such as using a VPN and making sure you have one of the best antivirus programs installed.
I doubt this is the last we'll hear of ShinyHunters as this hacking group has made quite the name for itself over the course of this year and I'll update this story if more developments unfold.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
