Hacking group ShinyHunters threatens to expose premium users of sex site Pornhub

WASHINGTON – Hacking group ShinyHunters said on Dec 16 it has stolen data belonging to premium customers of the leading sex website Pornhub and is threatening to publish it.

Although Reuters could not immediately establish the scope, scale or details of the breach, the hackers provided a sample of the data which the news agency was able to partially authenticate.

At least three former Pornhub customers – two men in Canada and a man in the United States – confirmed to Reuters that the data pertaining to them was authentic, albeit several years old. They spoke on condition of anonymity given the sensitivity of the matter.

“We are demanding a ransom payment in Bitcoin to prevent the publication of data and delete the data,” ShinyHunters told Reuters in an online chat.

Pornhub and its corporate owners, Ottawa, Canada-based Ethical Capital Partners, did not return messages. News of the breach was reported earlier by cybersecurity news site Bleeping Computer.

Pornhub, which claims more than 100 million daily visits and 36 billion visits per year, is one of the web’s most popular purveyors of sexual content, particularly videos, many of which are free to view.

ShinyHunters shared data from what it said were 14 users of Pornhub’s premium service, which offers high-definition videos, advertisement-free watching and virtual reality.

Reuters was able to match the details of six people in ShinyHunters’ data to information dumped online during previous data breaches and preserved by the dark web intelligence firm District 4 Labs.

Three of the affected people confirmed to Reuters that they had, at one point, been signed up to Pornhub’s premium service.

Reuters could not immediately ascertain how ShinyHunters acquired the data. ShinyHunters said it would not go into detail about the breach.

In a statement issued on Dec 12, Pornhub disclosed what it said was a recent cybersecurity incident involving third-party data analytics provider Mixpanel which affected an undisclosed number of Premium users.

The statement added that the incident occurred in Mixpanel’s environment and involved a “limited set of analytics events for some users”. Mixpanel, which offers its clients detailed visibility into user data and activities, disclosed a cybersecurity incident on Nov 27.

The company said to Reuters on Dec 16 that it was aware of Pornhub’s statement, but that it “can find no indication that this data was stolen from our November 2025 security incident or otherwise”.

Pornhub’s data with Mixpanel was last accessed by “a legitimate employee account at Pornhub’s parent company in 2023”, according to the statement.

“If this data is in the hands of an unauthorised party, we do not believe that is the result of a security incident at Mixpanel.”

ShinyHunters is an established hacking group linked to a string of high-profile hacks and extortion attempts in recent months, including data on customers of Salesforce and luxury retailers in Britain. REUTERS