In a significant cybersecurity incident, hackers have successfully accessed the private viewing habits and search history of premium subscribers to Pornhub, one of the world's most visited adult websites.
Scope of the Breach and Attacker Details
The cyber-attack, first reported by the website BleepingComputer, is believed to have compromised a vast trove of data. The breach involves over 200 million records related to Pornhub Premium members. The exposed information includes email addresses, detailed search queries, specific video viewing activity, and user location data.
According to cybersecurity reports, the attack has been attributed to a Western-based hacking collective known as ShinyHunters. The group has reportedly issued an extortion demand to the Canadian-owned platform, seeking a bitcoin payment in exchange for not publishing or deleting the stolen data. Reuters agency corroborated this, stating it communicated with a ShinyHunters member who made the ransom threat.
Pornhub's Response and Source of the Leak
Pornhub has released a statement clarifying the source of the breach. The company asserts that this was not a direct intrusion into its own core systems. Instead, the leak originated from a third-party analytics provider, Mixpanel, which Pornhub used for data services until 2021.
The platform stated that a "select" number of users were affected and emphasised that the compromised data is not recent. Passwords, financial details, and payment information were not exposed in this incident. The stolen analytics data reportedly includes specific video URLs, titles, associated keywords, and timestamps of user activity.
Investigation and Wider Hacking Context
Mixpanel has acknowledged awareness of the alleged data theft but noted it has found no evidence linking it to a separate cyber-attack on its business last month. Meanwhile, cybersecurity firm Sophos informed The Guardian that, as of now, it has seen no proof of the Pornhub data being released on dedicated leak sites or hacker forums.
Sophos provided further insight into the ShinyHunters group, describing its members as typically native English speakers in their late teens to early twenties. The group is part of a broader cybercriminal network referred to as "The Com" (The Community). This same network has been linked to other high-profile attacks in the UK, including those against major retailers like Marks & Spencer, the Co-op, and Harrods.
While the full consequences of this breach are still unfolding, it serves as a stark reminder of the data privacy risks associated with third-party service providers, even for the largest online platforms.
