A massive security breach has exposed the data of Pornhub Premium subscribers, with the hacking group ShinyHunters taking credit for stealing 94 gigabytes of data from a third-party analytics solution.
The compromised data comprises more than 200 million records containing email addresses, geographical locations, extensive search queries, viewed video details, search keywords, time stamps, and download details from select Premium accounts.
Pornhub Premium Data Breach, ShinyHunters Demands Ransom for User Viewing Habits
ShinyHunters is currently seeking a Bitcoin ransom in exchange for not making this information publicly available. Samples of this information on BreachForums have been verified as legitimate by reputable cybersecurity sites such as BleepingComputer and Reuters.
This issue came to light when Pornhub publicly announced the problem on December 12, 2025, and stated the following:
“Pornhub can confirm that an SMS phishing attack was launched on Mixpanel, the analytics service the company uses to analyze user behavior and engagement metrics. This attack occurred in November and specifically affected some of the Premium users who had subscriptions to the platform for adult entertainment content.”
Thankfully, users’ passwords and payment systems were not affected by the leak. Rather, the privacy violation lies in the exposure of their search histories and viewing habits.
Mixpanel has disputed allegations that it directly caused the breach. The data analytics firm explained that “the data that was compromised had its last legitimate access by an employee of Ethical Capital Partners, the parent company behind PornHub, all the way back in 2023.” This implies that there may have been insider threats or another phishing attack apart from the SMS scam.

At least three people who have been Pornhub Premium members have confirmed the validity of sample data released by the hackers, although the data that was exposed is reportedly several years old.
Data, Dollars, and Dark Web Forums: The Rise of ShinyCorp
ShinyHunters, also known as ShinyCorp, has been in operation since sometime in 2020 and is known for high-profile data breaches as well as extortion. The group uses highly sophisticated forms of attack, including phishing, vishing (voice phishing), and supply chain attacks.
Their earlier campaigns have shown a disturbing level of technical sophistication. The attackers have leveraged OAuth flaws in Salesforce infrastructure to hit large conglomerates such as Google, Cisco, and Adidas, as well as luxury brands.
The group has a rather impressive record when it comes to carrying out massive data breaches, as they have previously stolen and put up for sale millions of account records on platforms such as Facebook, Tokopedia, GitHub, and Advance Auto Parts.
The group mostly operates on dark web forums such as BreachForums, where it is said to have considerable influence. Its model of operation entails the theft of massive datasets, extortion of the companies that have suffered a breach, and then leaking the data to dark web markets if the extorted amount is not received.
Law enforcement agencies are aware of the actions of the group known as ShinyHunters. There have been efforts by the FBI to detain those associated with the group, including a suspect in France known to have committed fraud. Prosecution is difficult because of the anonymizing technology these groups use.
How to Protect Your Data Following the ShinyHunters Pornhub Breach?
As of December 17, 2025, ShinyHunters has not publicly disclosed the amount of ransom it is demanding from Pornhub and Ethical Capital Partners. Neither of the two has made any statement in relation to this threat.
The hackers are advertising the stolen data from the Pornhub database, along with data they claim to hold from other victims, such as OpenAI. However, they have not yet released the data publicly, which indicates they may still be negotiating or waiting to maximize the pressure on Pornhub before taking further action.
Anyone who has had a Pornhub Premium subscription should begin protecting themselves now. Watch for any malicious activity in your email accounts and, wherever possible, enable two-factor authentication on them.
The breach is a reminder, though, that even where companies are thinking about security, third-party vendors and phishing attacks are often able to create holes that place users’ data in danger. The ShinyHunters threat does not look to be slowing down either.




