Hackers have stolen Pornhub members' search and activity data

The group claims it accessed emails, locations, URLs, video names, and keywords

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

Facepalm: In another example of why people aren't overly keen to hand their details over to porn companies, Pornhub Premium members have had their search and activity data stolen in a hack. The adult entertainment platform is being extorted along with other customers of a third-party service that Pornhub says was compromised.

Pornhub published a security post on December 12 stating that a recent cybersecurity incident involving Mixpanel, a third-party data analytics provider, has impacted some Pornhub Premium users.

The company emphasizes that the incident was not a breach of Pornhub's own systems, adding that Premium users' passwords, payment details, and financial information remain secure and were not exposed.

The Mixpanel attack took place on November 8. It wasn't just Pornhub that was affected: OpenAI wrote that some of its API users also had their related analytics data stolen. Google and CoinTracker also confirmed they were impacted.

Pornhub said it hasn't worked with Mixpanel since 2021, so the stolen records are several years old. Still, that will be little comfort to long-term or former Premium members who'd rather their search history and activity didn't become public knowledge.

Bleeping Computer writes that the attackers used an SMS phishing, aka smishing, attack to compromise Mixpanel's systems.

// Related Stories

• Notepad++ users urged to update immediately after hackers hijack the app's updater
• Xbox suffers a brutal 69% drop in Pornhub traffic as PlayStation dominates

The publication adds that hacker group ShinyHunters began extorting Mixpanel customers last week. It sent emails warning that the stolen data would be published if a ransom was not paid.

The group's demand to Pornhub included the claim that it had stolen 94GB of data. It told Bleeping Computer that the information consists of over 201 million records of historical search, watch, and download activity for Pornhub's Premium members.

A sample of the data included the Pornhub Premium members' email address, activity type, location, video URL, video name, keywords associated with the video, and the time the event occurred. It also showed whether the video was just watched or downloaded.

Interestingly, Mixpanel denies that this information came from the November breach. "The data was last accessed by a legitimate employee account at Pornhub's parent company in 2023. If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel," it said.

Hacks on porn sites – or related third-party services – are one of the main reasons why people are resistant to using facial scans to confirm their age. The introduction of this measure has led to a massive increase in VPN usage in the UK and several US states.