In a significant privacy scandal, the adult website Pornhub has suffered a major data breach, exposing the sensitive viewing histories and personal details of a vast number of its Premium subscribers.
What Was Stolen in the Pornhub Data Breach?
The cyberattack, which came to light in mid-December 2025, resulted in the compromise of over 200 million records of personal information. According to reports from the technology news outlet BleepingComputer, the stolen data includes the watch histories, download records, and email addresses of Pornhub Premium users.
The hacking group behind the intrusion, identified as ShinyHunters, has shared samples of the data with journalists to verify its authenticity. News agency Reuters confirmed the breach after three men in the United States and Canada verified that their old account information in the leaked sample was accurate.
Ransom Demand and Company Response
In a statement provided to Reuters, the ShinyHunters gang issued a direct ransom demand. "We're demanding a ransom payment in Bitcoin to prevent the publication of [Pornhub] data and delete the data," they stated. The exact sum being demanded remains unclear.
Pornhub has acknowledged the security incident, confirming it "immediately launched a comprehensive internal investigation" upon learning of the breach. The company moved to reassure its user base that certain critical data was not accessed. Passwords, payment details, and financial information remain secure and were not exposed, according to the platform.
The Fallout and Privacy Implications
This breach highlights the profound privacy risks associated with online services that handle highly sensitive personal data. The leaked information directly links individuals to their private viewing habits, a scenario described by BleepingComputer as containing "a large amount of sensitive information that a member would not likely want publicly disclosed."
While the exposed data is reportedly old, the incident serves as a stark warning about the value and vulnerability of digital footprints. For the millions affected, the hack means strangers could potentially learn intimate details about their online activity, even if their financial data is safe.
The extortion attempt by ShinyHunters follows a familiar pattern of high-profile ransomware attacks, putting pressure on the company to respond while leaving users in a state of uncertainty regarding the potential public release of their private data.
