PornHub is facing extortion after the ShinyHunters gang gained access to historical Premium user data. The breach stems from a previous compromise at Mixpanel, the analytics provider PornHub used until 2021.
Mixpanel suffered a smishing attack on November 8, 2025, which allowed attackers to access systems. PornHub clarified that the exposed data comes from historical analytics records, not its own systems. Passwords, payment information, and other financial data were not affected.
ShinyHunters claims to have obtained 94 gigabytes of data containing more than 200 million records. The information includes email addresses, search history, video watch and download activity, video names, associated keywords, and timestamps.
A sample of the leaked data reviewed by BleepingComputer shows sensitive activity that users would expect to remain private. ShinyHunters confirmed that this is part of a larger trend in 2025, having also targeted Salesforce integration companies, Oracle E-Business Suite, and other analytics platforms.
The group is now creating a ransomware-as-a-service platform called ShinySpid3r. It will allow affiliates, including those connected to Scattered Spider, to conduct ransomware attacks.
For everyday users, this breach highlights how digital footprints can remain exposed years after the fact. Even historical analytics data can be weaponized by cybercriminals. Companies are custodians of this information, but breaches show that the responsibility to protect it extends beyond the moment data is collected.
Email inquiries to hello@laterstack.com
Related Laterstack Cybersecurity Stories
ICE Expands Cybersecurity Contract to Intensify Employee Surveillance
Airbus Moves Critical Workloads to European Sovereign Cloud Amid Security Concerns
Is Your Vibrator Spying on You? Understanding App-Connected Sex Toy Data
Apple and Google Roll Out Emergency Patches After Active Zero-Day Exploits