Aylo
Company Details
Linkedin ID:
ayloservices
Website:
Employees number:
1,504
Number of followers:
39,431
NAICS:
5112
Industry Type:
Homepage:
aylo.com
IP Addresses:
0
Company ID:
AYL_1184521
Scan Status:
In-progress
Aylo Company CyberSecurity Posture
aylo.com
Aylo is a tech pioneer offering world class adult content platforms. The company provides trusted environments to enable a safe online user experience, and to empower its communities by celebrating diversity, inclusion and expression. Aylo holds a number of widely popular and diverse online adult entertainment and gaming properties. Its portfolio includes Pornhub, YouPorn, Brazzers, Men.com, Nutaku, and more, all of which maintain robust trust and safety protocols.
Aylo A.I CyberSecurity Scoring
Aylo Risk Score (AI oriented)Between 600 and 649
Aylo
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Aylo Global Score (TPRM)XXXX
Aylo
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Aylo Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Aylo: PornHub extorted after hackers steal Premium member activity data
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: **PornHub Premium User Data Exposed in ShinyHunters Extortion Scheme Following Mixpanel Breach** PornHub is facing extortion demands from the ShinyHunters cybercrime group after the search and watch history of its Premium members was stolen in a November 2025 breach of analytics vendor Mixpanel. The incident, disclosed by PornHub last week, stems from a November 8 smishing (SMS phishing) attack that compromised Mixpanel’s systems, exposing historical user activity data from 2021 or earlier. PornHub confirmed that only select Premium users were affected, emphasizing that passwords, payment details, and financial information remained secure. The company ceased its partnership with Mixpanel in 2021, meaning the stolen records consist of older analytics data. Mixpanel described the breach as impacting a "limited number" of customers, though other affected companies, including OpenAI and CoinTracker, have also acknowledged exposure. ShinyHunters, now confirmed as the group behind the Mixpanel breach, began extorting victims last week, threatening to publish stolen data unless ransoms were paid. In communications with PornHub, the group claimed to have exfiltrated 94GB of data containing over 200 million records, including email addresses, video URLs, search keywords, timestamps, and user activity logs (e.g., watch/download history and location data). A sample reviewed by *BleepingComputer* verified the sensitivity of the exposed information. The breach adds to ShinyHunters’ prolific 2025 campaign, which includes high-profile attacks via compromised Salesforce integrations, exploitation of an Oracle E-Business Suite zero-day (CVE-2025-61884), and recent Salesforce/Drift-related breaches. The group is also developing *ShinySpid3r*, a ransomware-as-a-service platform linked to affiliates of the Scattered Spider threat actor collective. With this latest incident, ShinyHunters solidifies its role in some of the year’s most significant data breaches.
PornHub: Pornhub data breach: Hackers steal premium user activity logs
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: **PornHub Hit by Massive Data Breach: ShinyHunters Claims Theft of 200M Records** PornHub is facing a major data breach after the notorious hacking group **ShinyHunters** claimed responsibility for stealing **94GB of sensitive user data**, encompassing over **201 million records**. The compromised information includes **email addresses, geographic locations, video search histories, download activity, and keywords** tied to premium subscribers’ viewing habits. ShinyHunters, a prolific black-hat hacking collective, has been linked to multiple high-profile breaches this year, including attacks on **Qantas, Google, Louis Vuitton, Dior, Tiffany & Co., and Salesforce**. The group reportedly sent an extortion demand to PornHub, though the company has not publicly confirmed the breach. New Zealand’s **Privacy Commissioner** has been notified, though no official statement has been released. Authorities note that such incidents may fall under criminal jurisdiction, with potential implications under privacy laws if evidence of unauthorized data collection is provided. The breach underscores the ongoing risks of large-scale cyberattacks targeting sensitive user data.
Aylo Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Aylo
Incidents vs Software Development Industry Average (This Year)
Aylo has 75.44% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Aylo has 28.21% more incidents than the average of all companies with at least one recorded incident.
Incident Types Aylo vs Software Development Industry Avg (This Year)
Aylo reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — Aylo (X = Date, Y = Severity)
Aylo cyber incidents detection timeline including parent company and subsidiaries
Aylo Company Subsidiaries
Aylo is a tech pioneer offering world class adult content platforms. The company provides trusted environments to enable a safe online user experience, and to empower its communities by celebrating diversity, inclusion and expression. Aylo holds a number of widely popular and diverse online adult entertainment and gaming properties. Its portfolio includes Pornhub, YouPorn, Brazzers, Men.com, Nutaku, and more, all of which maintain robust trust and safety protocols.
Loading...
Aylo Similar Companies
Juniper Networks
Juniper Networks is leading the revolution in networking, making it one of the most exciting technology companies in Silicon Valley today. Since being founded by Pradeep Sindhu, Dennis Ferguson, and Bjorn Liencres nearly 20 years ago, Juniper’s sole mission has been to create innovative products and
SS&C is a leading global provider of mission-critical, cloud-based software and solutions for the financial and healthcare industries. Named to the Fortune 1000 list as a top U.S. company based on revenue, SS&C (NASDAQ: SSNC) is a trusted provider to more than 20,000 financial services and healthcar
More than one billion people around the world use Instagram, and we’re proud to be bringing them closer to the people and things they love. Instagram inspires people to see the world differently, discover new interests, and express themselves. Since launching in 2010, our community has grown at a r
Shopify is a leading global commerce company, providing trusted tools to start, grow, market, and manage a retail business of any size. Shopify makes commerce better for everyone with a platform and services that are engineered for reliability, while delivering a better shopping experience for consu
Shopee
Shopee is the leading e-commerce platform in Southeast Asia and Taiwan. It is a platform tailored for the region, providing customers with an easy, secure and fast online shopping experience through strong payment and logistical support. Shopee aims to continually enhance its platform and become th
Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. We are driven by the excitement of building technologies, inventing products, and providing services that change lives. We embrac
VMware by Broadcom delivers software that unifies and streamlines hybrid cloud environments for the world’s most complex organizations. By combining public-cloud scale and agility with private-cloud security and performance, we empower our customers to modernize, optimize and protect their apps an
Thomson Reuters
Thomson Reuters is the world’s leading provider of news and information-based tools to professionals. Our worldwide network of journalists and specialist editors keep customers up to speed on global developments, with a particular focus on legal, regulatory and tax changes. Our customers operat
Adobe
Adobe is the global leader in digital media and digital marketing solutions. Our creative, marketing and document solutions empower everyone – from emerging artists to global brands – to bring digital creations to life and deliver immersive, compelling experiences to the right person at the right mo
.png)
Aylo CyberSecurity News
November 18, 2025 08:00 AM
Give Us Your Face or Lose Your Account: AI Age Verification Is Here, and Experts Are Worried
From Spotify to YouTube, platforms now demand biometric proof of age. Experts warn that you could lose access—and your privacy—if the...
April 24, 2025 07:00 AM
Mintz Achieves Ten Years of Consecutive Revenue Growth
Mintz announces ten years of consecutive revenue growth following the close of its fiscal year on March 29. The firm generated $700 million in gross revenue.
March 22, 2025 07:00 AM
Is XRP the ‘Biggest Financial Scam’? Shocking Claim Sparks Ripple CTO’s Response!
Ripple CTO David Schwartz refuted claims that XRP is a financial scam, clarifying XRPL's low DEX volume. Validator Vet provided higher figures.
March 05, 2025 08:00 AM
Aylo Holdings faces legal pressure over privacy concerns
Aylo Holdings denies violating privacy laws, arguing it has strengthened safeguards against non-consensual content.
January 04, 2025 08:00 AM
Porn Ban—Surge In VPN Demand Is A Threat To Users
The US clampdown on unrestricted online pornography escalated as 2025 began, with those in Florida losing access to the world's most popular adult site on Jan....
June 21, 2024 07:00 AM
Pornhub Blocks More US States Over Recent Age Verification Law
Pornhub will block new U.S. states as a new legislative bill goes into effect in July, saying they took this decision over privacy concerns.
January 07, 2024 08:00 AM
How to unblock Brazzers for free
ExpressVPN is the best service for accessing restricted sites. Unblock Brazzers from anywhere in the world with ExpressVPN.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Aylo CyberSecurity History Information
Official Website of Aylo
The official website of Aylo is https://www.aylo.com/carrieres/.
Aylo’s AI-Generated Cybersecurity Score
According to Rankiteo, Aylo’s AI-generated cybersecurity score is 628, reflecting their Poor security posture.
How many security badges does Aylo’ have ?
According to Rankiteo, Aylo currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Aylo have SOC 2 Type 1 certification ?
According to Rankiteo, Aylo is not certified under SOC 2 Type 1.
Does Aylo have SOC 2 Type 2 certification ?
According to Rankiteo, Aylo does not hold a SOC 2 Type 2 certification.
Does Aylo comply with GDPR ?
According to Rankiteo, Aylo is not listed as GDPR compliant.
Does Aylo have PCI DSS certification ?
According to Rankiteo, Aylo does not currently maintain PCI DSS compliance.
Does Aylo comply with HIPAA ?
According to Rankiteo, Aylo is not compliant with HIPAA regulations.
Does Aylo have ISO 27001 certification ?
According to Rankiteo,Aylo is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Aylo
Aylo operates primarily in the Software Development industry.
Number of Employees at Aylo
Aylo employs approximately 1,504 people worldwide.
Subsidiaries Owned by Aylo
Aylo presently has no subsidiaries across any sectors.
Aylo’s LinkedIn Followers
Aylo’s official LinkedIn profile has approximately 39,431 followers.
NAICS Classification of Aylo
Aylo is classified under the NAICS code 5112, which corresponds to Software Publishers.
Aylo’s Presence on Crunchbase
No, Aylo does not have a profile on Crunchbase.
Aylo’s Presence on LinkedIn
Yes, Aylo maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ayloservices.
Cybersecurity Incidents Involving Aylo
As of December 20, 2025, Rankiteo reports that Aylo has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Aylo has an estimated 27,833 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Aylo ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Aylo detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with security notice posted on pornhub's website..
Incident Details
Can you provide details on each incident ?
Title: PornHub Premium Members' Search and Watch History Stolen in Mixpanel Breach
Description: Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. The breach affected historical analytics data from 2021 or earlier, including sensitive information such as email addresses, activity types, locations, video URLs, video names, keywords, and timestamps.
Date Detected: 2025-11-08
Type: Data Breach
Attack Vector: Third-party breach (Mixpanel)
Vulnerability Exploited: SMS phishing (smishing) attack
Threat Actor: ShinyHunters
Motivation: Extortion
Title: PornHub Data Breach and Extortion by ShinyHunters
Description: An extortion demand sent to PornHub claims 94GB of data containing over 200 million records of personal information was stolen in the breach. ShinyHunters, a black-hat criminal hacker group, took responsibility for the attack and extortion attempts. The data includes email addresses, locations, video names, keywords, search histories, and subscriber activity.
Type: Data Breach and Extortion
Threat Actor: ShinyHunters
Motivation: Extortion
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Mixpanel (via SMS phishing).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach AYL1765836079
Data Compromised: 94GB of data containing over 200 million records
Systems Affected: Mixpanel analytics platform
Brand Reputation Impact: Potential reputational damage due to exposure of sensitive user data
Identity Theft Risk: High (exposure of email addresses and activity history)
Payment Information Risk: None (payment details were not exposed)
Incident : Data Breach and Extortion MIN1766042250
Data Compromised: 94GB of data with over 200 million records
Brand Reputation Impact: Potential brand reputation damage
Legal Liabilities: Potential legal liabilities under privacy regulations
Identity Theft Risk: High risk of identity theft
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Search history, watch history, download activity, email addresses, video URLs, video names, keywords, timestamps, locations, Email Addresses, Locations, Video Names, Keywords, Search Histories, Watch/Download Activity and .
Which entities were affected by each incident ?
Incident : Data Breach AYL1765836079
Entity Name: PornHub
Entity Type: Company
Industry: Adult Entertainment
Customers Affected: Premium members (select users)
Incident : Data Breach AYL1765836079
Entity Name: Mixpanel
Entity Type: Third-party analytics provider
Industry: Data Analytics
Customers Affected: Limited number of customers (including PornHub, OpenAI, CoinTracker)
Incident : Data Breach and Extortion MIN1766042250
Entity Name: PornHub
Entity Type: Company
Industry: Adult Entertainment
Customers Affected: Premium members (201,211,943 records)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach AYL1765836079
Communication Strategy: Security notice posted on PornHub's website
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach AYL1765836079
Type of Data Compromised: Search history, watch history, download activity, email addresses, video URLs, video names, keywords, timestamps, locations
Number of Records Exposed: 201,211,943
Sensitivity of Data: High (personally identifiable activity data)
Data Exfiltration: Yes
Personally Identifiable Information: Email addresses, activity history
Incident : Data Breach and Extortion MIN1766042250
Type of Data Compromised: Email addresses, Locations, Video names, Keywords, Search histories, Watch/download activity
Number of Records Exposed: 201,211,943
Sensitivity of Data: High (personal and sensitive user activity)
Data Exfiltration: Yes
Personally Identifiable Information: Yes
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach and Extortion MIN1766042250
Data Exfiltration: Yes
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach and Extortion MIN1766042250
Regulations Violated: Potential Privacy Act violations,
Regulatory Notifications: New Zealand’s Privacy Commissioner approached for comment
References
Where can I find more information about each incident ?
Incident : Data Breach AYL1765836079
Source: BleepingComputer
Incident : Data Breach AYL1765836079
Source: PornHub Security Notice
Incident : Data Breach and Extortion MIN1766042250
Source: BleepingComputer
Incident : Data Breach and Extortion MIN1766042250
Source: New Zealand’s Privacy Commissioner
Incident : Data Breach and Extortion MIN1766042250
Source: Netsafe
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: BleepingComputer, and Source: PornHub Security Notice, and Source: BleepingComputer, and Source: New Zealand’s Privacy Commissioner, and Source: Netsafe.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach AYL1765836079
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Security notice posted on PornHub's website.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach AYL1765836079
Customer Advisories: Security notice posted on PornHub's website
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Security notice posted on PornHub's website.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach AYL1765836079
Entry Point: Mixpanel (via SMS phishing)
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach AYL1765836079
Root Causes: Third-party breach via SMS phishing attack on Mixpanel
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an ShinyHunters and ShinyHunters.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2025-11-08.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were 94GB of data containing over 200 million records and 94GB of data with over 200 million records.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were 94GB of data containing over 200 million records and 94GB of data with over 200 million records.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 402.4M.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Netsafe, PornHub Security Notice, BleepingComputer and New Zealand’s Privacy Commissioner.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Security notice posted on PornHub's website.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Mixpanel (via SMS phishing).
.png)
Latest Global CVEs (Not Company-Specific)
Description
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of live queries.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.
Risk Information
cvss3
Base: 4.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Description
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability a function handler in the Vega AST evaluator.
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ayloservices' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
