Pornhub has begun contacting more than 200 million premium subscribers to warn that their personal information and browsing history may have been compromised in a significant security incident.
The adult entertainment platform said hackers had successfully breached Mixpanel, a third-party analytics service the company previously used to monitor website traffic.
The intrusion potentially exposed partial search history records from users of the site.
Pornhub made the announcement on December 12, revealing that the breach originated from an incident in November affecting its former analytics partner.
Pornhub has begun contacting more than 200 million premium subscribers
|
GETTY
Premium membership costs $14.99 (£11.18) monthly and provides access to “exclusive content” unavailable to free users.
Cybercriminals sent an extortion demand to Pornhub claiming possession of an extensive dataset containing over 200 million records, according to Bleeping Computer.
The allegedly stolen information includes email addresses, geographical locations, titles of videos viewed, search terms entered by users, types of activity and precise timestamps.
ShinyHunters, a notorious cybercrime collective, has taken credit for the attack and begun publicly advertising what it describes as Pornhub Premium analytics data.
Cybercriminals sent an extortion demand to Pornhub claiming possession of an extensive dataset
|
GETTYThe group has also referenced major technology companies among its purported targets.
The sensitive nature of the exposed data raises particular concerns given the platform’s adult content focus.
Pornhub has stressed that the incident did not involve a direct breach of its own systems.
The company said: “We recently learned that an unauthorized party gained unauthorized access to analytics data stored with Mixpanel, a third-party data analytics service provider.”
Pornhub has stressed that the incident did not involve a direct breach of its own systems
|
GETTY
The platform has assured users that their passwords, login credentials and government identification documents remained secure and were not exposed during the attack.
Payment information was similarly unaffected.
The company confirmed it has since locked down the compromised account and terminated the unauthorised access.
Pornhub ceased working with Mixpanel in 2023, meaning any stolen records date from that year or earlier, Bleeping Computer reported.
Mixpanel’s chief executive Jen Taylor responded to the incident, stating: “We took comprehensive steps to contain and eradicate unauthorized access and secure impacted user accounts.”
The analytics firm also brought in external cybersecurity specialists to address the breach, though it told Bleeping Computer it could not confirm whether the circulating Pornhub data originated from the November incident.
Pornhub has urged affected users to remain alert for phishing attempts and suspicious communications.
The company said: “While our investigation is ongoing, we encourage all users to remain vigilant by monitoring their accounts for any suspicious emails or unusual activity.”
Authorities have been notified and cybersecurity experts engaged to conduct an internal inquiry.
