Republished on Dec. 17 with an updated statement from Pornhub.
There’s something particularly frightening about porn and similar data breaches — it’s an internet nightmare come true. No matter who you are, where you live or what you do, your adult content search history getting into the wrong hands is terrifying. Just look at the VPN surge as users avoid identity or age verification to access porn.
“We recently learned that an unauthorized party gained unauthorized access to analytics data stored with Mixpanel, a third-party data analytics service provider,” Pornhub confirmed in a Dec. 12 statement updated on Dec. 16. “The unauthorized party was able to use this unauthorized access to extract a limited set of analytics events for some users. This was not a breach of Pornhub Premium’s systems.”
The company stressed “no passwords, credentials, payment details or government IDs were compromised or exposed and we have since secured the affected account and stopped the unauthorized access..” But that’s probably not the primary concern.
As ImmuniWeb’s Ilia Kolochenko warns, “if the allegations that 201,211,943 records of Pornhub’s Premium users were compromised – including detailed historical search, watch and download activity – are true, this data breach may dethrone the notorious data breach of Adult Friend Finder (AFF) in 2016.”
For its part Mixpanel says the data did not come from its breach. Via Bleeping Computer, it says “Mixpanel is aware of reports that Pornhub has been extorted with data that that was allegedly stolen from us. We can find no indication that this data was stolen from Mixpanel during our November 2025 security Incident or otherwise.”
Mixpanel also says “the data was last accessed by a legitimate employee account at Pornhub’s parent company in 2023. If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel.”
Mixpanel told me the revisions to Pornhub’s statement support that conclusion that this breach is unrelated to the November breach. The source of the leak will be of little interest to affected users. This type of data fuels fake sextortion scams that claim to have harvest user activity on sites such as Pornhub,. threatening to share with friends and family. Now that data may really be out there.
Pornhub says it “immediately launched a comprehensive internal investigation with the support of our cybersecurity experts. We have engaged with relevant authorities and with Mixpanel, so that we can provide you with facts. We are working diligently to determine the nature and scope of the reported incident.”
Per Bleeping Computer, “in an extortion demand sent to PornHub, ShinyHunters claims it stole 94GB of data containing over 200 million records of personal information in the Mixpanel breach. ShinyHunters later confirmed to BleepingComputer that they were behind the extortion emails, claiming the data consists of 201,211,943 records of historical search, watch, and download activity for the platform’s Premium members.”
Here’s the bad news — if you’re affected. Reports suggest the breached data include your email address, location, keywords for videos searched and watched or downloaded, and the time you watched or downloaded those videos.
Pornhub advises users “to remain vigilant by monitoring their accounts for any suspicious emails or unusual activity.” That’s an understatement. The data is now in the extorting hands of ShinyHunters cybercriminals. Keep an eye on your inbox.
As Bleeping Computer warns, the small sample of data shared they have seen “shows that the analytic events sent to Mixpanel contain a large amount of sensitive information that a member would not likely want publicly disclosed.”
“The amplitude of ‘creative’ blackmailing has taken an unprecedented height in 2025,” Kolochenko says, “leaving victims without much recourse when their sensitive data is stolen. In sum, unless you ready that your data will be published in the yellow press and then repeated by AI bots, don’t entrust it to companies or third parties.”
So, have you been affected? This only impacts Pornhub Premium members, so if you’re not subscribed for that service, you’re not affected. The breach also appears to date back to 2023, so again, any activity since then would be unaffected.
Perhaps the most critical advice relates to your email address. In leaks from adult content websites, including the infamous Ashley Madison breach, the most damaging data relates to legitimate email addresses, especially work addresses which can easily be searched, flagging sensitive domains across government and enterprise.
All the more reason to use a cloaked email address when signing up for anything sensitive. Apple’s Hide My Email, for example. Do not use your real, primary address if there’s any sensitivity about it being associated with the domain.
Email addresses have a nasty habit of breaching.
Read the full article here