Infamous hacking group ShinyHunters has claimed responsibility for the theft of a large dataset tied to Pornhub Premium users, threatening to leak or sell the information unless the company pays a ransom.

The hack of PornHub was first revealed by the adult video website on Dec. 12. It was described as a cybersecurity incident involving data from a third-party data analytics service provider that has affected some Pornhub Premium users. The company also added that its own systems were not breached and that passwords, payment details and financial information remain secure and were not exposed.

The breach involved Mixpanel Inc., a third-party data analytics provider. The breach was described as involving an unauthorized party that used unauthorized access to extract a limited set of analytics events for some users.

Mixpanel itself disputes the claim, saying that the records may have been accessed through a legitimate employee account or legacy credentials.

Whichever method was used, the unauthorized party turned out to be ShinyHunters. According to Bleeping Computer, it stole 94 gigabytes of data containing more than 200 million records of personal information from Mixpanel.

The stolen data included PornHub Premium member email addresses, activity type, location, video URL, video name, keywords associated with the videos, and the time the event occurred.

With the records of Pornhub Premium users at hand, ShinyHunters is reportedly attempting to extort Pornhub, demanding payment in cryptocurrency in exchange for withholding the data from public release.

Though Pornhub has emphasized that no financial data or passwords were exposed, the incident still involves highly sensitive information given the nature of the platform. The personal browsing habits of Pornhub Premium users are not the sort of thing most they would like to see in the public domain.

ShinyHunters has been linked to numerous high-profile data theft and extortion campaigns in recent years, targeting both consumer platforms and enterprise services. The group has previously been associated with breaches involving cloud platforms, retail brands and software providers.

Previous ShinyHunters hacks include the theft of 7.5 million records from financial services provider Dave Inc. in July 2020, 1.8 million from Pixlr in January 2021, from dating site MeetMindful also in January 2021, from 533 million Facebook users in April 2021, and 3 terabytes of data from Advance Auto Parts Inc. in June 2024.

A lead member of ShinyHunters was arrested by French police in June, however. With the new hack and extortion, the group is clearly more resilient than one person who became best known on the hacking forum Breach Forums.

Should ShinyHunters have the records as claimed and does release them, the consequences may be more than just embarrassment to some users, and there is some precedent here: the 2015 breach of Adult Friend Finder.

“If the reported Pornhub data breach is as big and as recent as claimed by ShinyHunters, the consequences may be much worse than the Adult Friend Finder breach, causing irreparable harm to victims, including politicians and celebrities,” Dr. Ilia Kolochenko, chief executive officer at application security company ImmuniWeb SA and an adjunct professor of cybersecurity at Capitol Technology University in Maryland, told SiliconANGLE via email.

Interestingly, there is also a trend to use such data to besmirch victims in large language models.

“We have already witnessed cases when cybercrime groups threaten their victims to ‘poison major LLMs’ with the victim’s compromised data if the victim does not pay,” added Dr. Kolochenko. “Eventually highly sensitive victim data can be exposed in answers from AI chatbots when the victim’s name is entered as an input query. These damaging results can hardly be removed: Even if top lawyers work on the case, full removal may take weeks or even months for technical reasons.”

Image: SiliconANGLE/Ideogram