Hackers claim to have obtained the search history, viewing behaviour and location data of more than 200 million Pornhub Premium users.
Pornhub describes itself as “one of the most prolific adult websites” in the world, averaging over 100 billion video views a year. The site receives over 100 million visits per day, and over 36 billion visits per year.
The company recently revealed that they had been impacted by a cybersecurity breach at analytics company Mixpanel, whose systems were compromised by a phishing attack.
Popular tech website Bleeping Computer, which often covers cybersecurity news, reports that Pornhub is now facing blackmail demands from the ShinyHunters gang, which claims to have taken 94GB of data from a Mixpanel compromise, including 201,211,943 records detailing past searches, viewing and downloads linked to Pornhub Premium accounts.
Bleeping Computer reports that it has examined a portion of the leaked dataset, which contains detailed records tied to Pornhub Premium accounts. The information reviewed allegedly includes users’ email addresses, geographical data, specific video titles and URLs, associated keywords, and precise timestamps for each logged interaction.
The outlet says the activity logs show whether subscribers viewed a channel, watched content, or downloaded videos. The hackers have additionally claimed that the compromised data also covers users’ search histories.
In a statement, Pornhub admitted that “a recent cybersecurity incident” involving data from a third-party data analytics service provider has impacted “some” Pornhub Premium users, but did not give an indication of the scale of the data breach.
“Specifically, this situation affects only select Premium users,” the company said.
“It is important to note this was not a breach of Pornhub Premium’s systems. Passwords, payment details, and financial information remain secure and were not exposed.”
They explained that an “unauthorised party” gained unauthorised access to analytics data stored with Mixpanel, a third-party data analytics service provider.
“The unauthorised party was able to use this unauthorised access to extract a limited set of analytics events for some users,” they said, stressing that no “government IDs were compromised or exposed”, and they have since prevented the hackers from having ongoing access to the data.
“Upon becoming aware of this event, we immediately launched a comprehensive internal investigation with the support of our cybersecurity experts,” they said.
“We have engaged with relevant authorities and with Mixpanel so that we can provide you with facts. We are working diligently to determine the nature and scope of the reported incident.
“While our investigation is ongoing, we encourage all users to remain vigilant by monitoring their accounts for any suspicious emails or unusual activity.
“Our commitment is to resolve the situation in line with best practices in cybersecurity and international privacy standards. Protecting the privacy and security of our community, creators and partners remains our highest priority, and we take incidents of this sort extremely seriously.
“We appreciate the patience and trust of our community while we address this matter.”
Pornhub has been contacted for comment.