ShinyHunters Claims Massive Theft of Pornhub Premium Analytics, Demands Ransom

A hacking group identifying itself as ShinyHunters announced on December 16 and 17 that it had stolen analytics records associated with Pornhub Premium accounts and was attempting to extort the company. The incident has been linked to an earlier compromise at Mixpanel, a widely used web and mobile analytics provider, with Pornhub confirming it was among several companies affected by that earlier breach.

The group and a dataset made available to researchers described the collection as historical analytics events rather than account credentials or payment files. The files claimed by the hackers total about 94 gigabytes and roughly 201,211,943 records, a figure variously described as over 200 million records. Shared samples showed fields that included registered email addresses, geographic location information, types of activity indicating which videos and channels were watched, video names and web addresses, keywords associated with videos, and timestamp information for individual events.

Independent checks have partially authenticated samples of the dataset. Two former Pornhub Premium customers provided material that matched records in the shared sample and said the entries were authentic, though they described the data as several years old. Analysts caution that the provenance and full scale of the claimed collection remain unverified publicly, and that samples do not prove completeness or current relevance across the entire dataset.

According to the account of events from the hackers, extortion emails have been sent to Pornhub demanding payment to prevent publication. The group reportedly communicated samples to at least one security outlet as part of its pressure campaign. Pornhub has acknowledged it was affected by the Mixpanel incident and said the exposure involved Premium users. The company and its corporate owners stated that they were not directly hacked and that passwords and financial information were not included in the exposed material. Mixpanel has not released a detailed public technical assessment of the matter as of December 17.

Security experts say the distinction between analytics events and account credentials matters, but it does not eliminate harm. Even analytics records can be highly sensitive when they include email addresses and detailed viewing histories, because those elements can enable identification and create risks of doxxing, blackmail, and reputational damage. Users of adult platforms face particular vulnerabilities, and the disclosure of viewing histories could have consequences for privacy and personal security.

Several important questions remain open. There has been no comprehensive third party forensic verification of the dataset, no public timeline from Mixpanel detailing how the earlier breach occurred, and no authoritative count of the number of affected users or the timespan the events cover. It is also not publicly clear whether law enforcement has been notified or has taken action.

The incident highlights the growing exposure risk that arises when consumer activity is routed through third party analytics services. Companies that collect or manage sensitive user data may need to reassess data minimization practices, vendor risk management, and transparency for users about how analytics events are stored and protected.