Pornhub safety breach as 200 million customers have knowledge and search historical past stolen
Adult content site Pornhub is warning more than 200 million premium users that their data may have been exposed when hackers breached third-party analytics provider Mixpanel
Pornhub have told more than 200 million premium users that their data and search history on the adult site may have been nicked in a security breach.
Hackers bragged they had wormed their way into a third-party system that Pornhub uses to monitor site traffic, potentially laying bare limited records of how some users engaged with the platform.
In a ransom demand lobbed at Pornhub, the cyber crooks claimed to have a colossal data set of records that included email addresses, location, video titles, search keywords, activity types and timestamps for over 200 million entries, according to Bleeping Computer.
Premium users cough up $14.99 a month to access millions of videos, along with more than 100,000 premium videos that non-paying users can’t view.
“We recently learned that an unauthorised party gained unauthorised access to analytics data stored with Mixpanel, a third-party data analytics service provider,” Pornhub said in a statement.
“The unauthorised party was able to use this unauthorised access to extract a limited set of analytics events for some users.”
The adult content site stressed that this was not a breach of its own system, reassuring users that their passwords, credentials or government IDs were not compromised or exposed.
Pornhub added it has since secured the affected account and put a stop to the unauthorised access.
Pornhub revealed the issue on December 12, explaining it stemmed from a November breach involving its analytics provider Mixpanel.
However, the adult site pointed out that it hasn’t collaborated with Mixpanel since 2023, indicating that the pilfered records are from that year or earlier, as reported by BleepingComputer.
Mixpanel’s CEO, Jen Taylor, stated: ‘We took comprehensive steps to contain and eradicate unauthorised access and secure impacted user accounts. We engaged external cybersecurity partners to remediate and respond to the incident.
The firm told BleepingComputer that it couldn’t confirm whether the Pornhub data being bandied about originated from the November breach.
Cybercrime collective ShinyHunters has taken credit for the break-in, publicly offering what they claim is Pornhub Premium analytics data while name-dropping tech behemoths among their supposed victims.
Pornhub has notified affected users and issued a public warning for them to be on guard against phishing attempts or dodgy messages.
A company statement read: ‘While our investigation is ongoing, we encourage all users to remain vigilant by monitoring their accounts for any suspicious emails or unusual activity. ‘.
The platform has enlisted cybersecurity experts, initiated an internal probe, and informed authorities, stressing that passwords and payment details were not compromised in the incident.
