Hacker group ShinyHunters has stolen data from over 200 million premium customers of porn website Pornhub. The criminals are demanding a ransom in Bitcoin to prevent the publication of search history, among other things. The hack took place at Mixpanel, which measures user behavior.
Hackers from ShinyHunters claim to have stolen 94 gigabytes of data from 201 million customers. According to BleepingComputer, the stolen data includes customer details, email addresses, locations, video URLs, video names, keywords, and viewing times. This is highly sensitive information for users of the porn website.
Pornhub confirmed the theft but emphasises that only premium customers have been affected. The company claims that it has not been hacked itself. Passwords and financial data are said not to have been stolen. The attack targeted Mixpanel, an analytics platform that Pornhub works with.
Demands and threats
ShinyHunters is threatening to publish the data if no ransom is paid. “We demand a ransom payment in Bitcoin to prevent the publication of data and to delete the data,” the group told Reuters news agency. The exact amount demanded by the hackers is unknown.
Three former Pornhub customers confirmed the authenticity of the stolen data to Reuters. These include two men in Canada and one in the United States. The data relating to them proved to be genuine, albeit several years old. At least three former customers have now confirmed the authenticity of their stolen data.
Notorious hacker group
ShinyHunters distinguishes itself from other criminal hackers by exclusively breaking in for data theft, without using ransomware. The group has been operating since 2020 and has a long list of well-known victims, including Microsoft, Ticketmaster, Jaguar, and Louis Vuitton.
In the Netherlands, the group became particularly well known for the Ticketmaster hack in 2024, in which data from hundreds of millions of customers was stolen. If companies refuse to pay, Shinyhunters sells the data to other criminals. The hacker group often uses social engineering such as voice phishing to penetrate systems.
Pornhub is one of the largest porn sites in the world, claiming to have more than 100 million daily visits and 36 billion visits per year. The impact of this data breach could be significant for the affected users due to the privacy-sensitive nature of the stolen information.