PornHub Premium User Data Exposed in ShinyHunters Extortion Scheme Following Mixpanel Breach PornHub is facing extortion demands from the ShinyHunters cybercrime group after the search and watch history of its Premium members was stolen in a November 2025 breach of analytics vendor Mixpanel. The incident, disclosed by PornHub last week, stems from a November 8 smishing (SMS phishing) attack that compromised Mixpanel’s systems, exposing historical user activity data from 2021 or earlier. PornHub confirmed that only select Premium users were affected, emphasizing that passwords, payment details, and financial information remained secure. The company ceased its partnership with Mixpanel in 2021, meaning the stolen records consist of older analytics data. Mixpanel described the breach as impacting a "limited number" of customers, though other affected companies, including OpenAI and CoinTracker, have also acknowledged exposure. ShinyHunters, now confirmed as the group behind the Mixpanel breach, began extorting victims last week, threatening to publish stolen data unless ransoms were paid. In communications with PornHub, the group claimed to have exfiltrated 94GB of data containing over 200 million records, including email addresses, video URLs, search keywords, timestamps, and user activity logs (e.g., watch/download history and location data). A sample reviewed by BleepingComputer verified the sensitivity of the exposed information. The breach adds to ShinyHunters’ prolific 2025 campaign, which includes high-profile attacks via compromised Salesforce integrations, exploitation of an Oracle E-Business Suite zero-day (CVE-2025-61884), and recent Salesforce/Drift-related breaches. The group is also developing ShinySpid3r, a ransomware-as-a-service platform linked to affiliates of the Scattered Spider threat actor collective. With this latest incident, ShinyHunters solidifies its role in some of the year’s most significant data breaches.