Massive Data Leak Hits Pornhub, Exposing Over 200 Million User Records
WASHINGTON, D.C. — In a significant cybersecurity breach that has sent ripples through the online adult entertainment industry, the hacking collective known as ShinyHunters has claimed responsibility for stealing approximately 94 gigabytes of user data from Pornhub, encompassing more than 200 million records. The group has demanded a ransom in Bitcoin, threatening to release the sensitive information publicly if their demands are not met.
According to detailed reporting by BleepingComputer, the data allegedly stolen centers on Pornhub Premium users and includes a trove of highly sensitive information. While financial data such as payment details and passwords remain secure, the leaked dataset reportedly contains email addresses, user activity logs, search histories, video URLs and titles, timestamps, and location data. These records reveal whether users watched or downloaded videos and which channels they viewed, raising serious privacy concerns should the data be made public.
Pornhub has responded swiftly to the breach, emphasizing in a security notice that its core systems were not compromised. The company reassured users that passwords and payment information were not exposed, thereby mitigating the immediate risk of financial fraud. However, the exposure of detailed viewing habits and search activity still poses long-term privacy risks for millions of users.
The breach appears to be linked to a previous security incident involving Mixpanel, a data analytics vendor that worked with Pornhub until 2021. In November 2025, Mixpanel suffered a smishing attack that granted unauthorized access to its systems. However, Mixpanel has stated it found no evidence that Pornhub data was taken during that incident. The age of the data aligns with Pornhub’s discontinuation of its relationship with Mixpanel, suggesting the stolen information is several years old. Reuters verified the accuracy of some leaked records with affected users, who confirmed the data was outdated but authentic.
This incident underscores the growing threat posed by cybercriminal groups who leverage stolen data for extortion. The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have increasingly warned about ransomware and data leak extortion schemes targeting companies across industries. ShinyHunters, known for previous high-profile data breaches, has escalated its tactics by threatening to release years-old activity data, which, while not financially sensitive, could lead to reputational damage and privacy violations for users.
Experts emphasize the importance of robust cybersecurity measures and user vigilance. The National Cyber Security Alliance recommends that users regularly update passwords, enable multifactor authentication where possible, and monitor accounts for suspicious activity.
As investigations continue, Pornhub has yet to provide further public comment. Meanwhile, users and privacy advocates remain concerned about the implications of such a massive leak, particularly given the sensitive nature of the content involved. The incident highlights the ongoing challenges faced by digital platforms in safeguarding user data against increasingly sophisticated cyber threats.
Leave a Reply