Pornhub has confirmed it was impacted by a security incident tied to Mixpanel, a widely used web and mobile analytics provider, after a hacking group claimed it stole data linked to the adult site’s premium users and is now attempting to extort the company.
The allegation, first reported by TechCrunch, centers on “analytics events” generated by Pornhub Premium users—records that can reveal patterns of behavior such as what content was viewed and when. The hacking coalition calling itself Scattered Lapsus$ Hunters, which includes members associated with the well-known cybercrime brand ShinyHunters, says it has already sent an extortion email to Pornhub.
What Pornhub says happened
In a published statement, Pornhub said it was among several companies affected by an earlier breach at Mixpanel. The company described the exposed information as “analytics events” involving some Pornhub Premium users, without specifying how many users were impacted or how much data may have been accessed.
According to the reporting, Pornhub did not answer detailed follow-up questions about the incident, instead pointing inquiries back to its statement. Mixpanel also did not provide comment to reporters, including a request sent to CEO Jen Taylor.
What the hackers claim they stole
Cybersecurity outlet BleepingComputer reported it reviewed a sample of the allegedly stolen Pornhub-related data. The sample contained information of the kind typically generated by analytics tools—data that may not include passwords or payment card numbers but can still be highly sensitive because it can be tied to a person’s identity and behavior.
The reported sample included:
- Registered email addresses and location details associated with Pornhub Premium accounts
- Activity logs indicating what videos and channels were watched, including video titles and URLs
- Keywords associated with the content viewed
- Date and time stamps for when events were recorded
Even when classified as analytics data, viewing histories and associated metadata can create acute privacy risks—particularly for adult content—because they can be used for extortion, harassment, or targeted phishing if tied to identifiable individuals.
The Mixpanel breach: a wider customer impact
Mixpanel disclosed a breach discovered on November 8, shortly before the U.S. Thanksgiving holiday, saying corporate customers were affected but not naming them. Since then, multiple organizations have confirmed they were among the impacted customers, including OpenAI, as well as CoinTracker and SwissBorg, according to the same reporting.
Mixpanel’s customer base is large: the company publicly lists around 8,000 customers. That scale matters because an analytics provider can sit in the middle of countless apps and websites, collecting event tracking data that may span millions of end users depending on how each customer configured its implementation.
Security experts routinely warn that third-party analytics platforms can become high-value targets because a single breach can expose data across many brands at once. The severity of exposure, however, can vary widely by customer based on configuration choices—what events are tracked, what user identifiers are passed, and whether data is minimized or pseudonymized.
Why “analytics events” can still be sensitive
Companies use behavioral analytics tools like Mixpanel to understand how users interact with products—what they click, view, search for, or purchase. Those records can also include device and network details such as screen size, connectivity type, and carrier information, depending on settings.
In many industries, that kind of telemetry is considered routine product data. In the context of adult entertainment, however, the stakes are different. A log showing what a person watched, paired with an email address and time stamps, can become personally compromising material. That is why privacy advocates often argue that organizations should treat such records as highly sensitive and apply strict data minimization practices, shorter retention windows, and tighter access controls.
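The minimization and pseudonymization described above can be enforced before an event ever leaves for a third-party analytics provider. The sketch below is an added example, not code from Pornhub, Mixpanel or the original reporting; the event schema, property names and key are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Hypothetical property names; a real deployment maps its own event schema.
ALLOWED_PROPS = {"plan", "device_type"}
IDENTIFYING_PROPS = {"email", "city", "video_title", "video_url", "keywords"}


def pseudonymize(user_id: str, key: bytes) -> str:
    """Keyed hash: stable per user, not reversible without the key."""
    return hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def coarsen_timestamp(iso_ts: str) -> str:
    """Reduce an ISO 8601 timestamp to its UTC calendar date."""
    ts = datetime.fromisoformat(iso_ts)
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return ts.astimezone(timezone.utc).date().isoformat()


def audit_event(event: dict) -> list:
    """List the identifying properties the raw event would have exposed."""
    return sorted(IDENTIFYING_PROPS & set(event.get("properties", {})))


def minimize_event(event: dict, key: bytes) -> dict:
    """Build the only version of the event allowed to reach the third party."""
    props = event.get("properties", {})
    return {
        "event": event["event"],
        "pseudonym": pseudonymize(event["user_id"], key),
        "date": coarsen_timestamp(event["timestamp"]),
        # Allow-list, not deny-list: unknown new properties are dropped by default.
        "properties": {k: v for k, v in props.items() if k in ALLOWED_PROPS},
    }


# Constructed sample event, not taken from any real data set.
SAMPLE_EVENT = {
    "event": "video_view",
    "user_id": "user-1001",
    "timestamp": "2025-01-15T23:47:12+00:00",
    "properties": {
        "email": "alice@example.com", "city": "Springfield",
        "video_title": "constructed title", "video_url": "https://example.com/v/123",
        "keywords": ["constructed"], "plan": "premium", "device_type": "mobile",
    },
}
SAMPLE_KEY = b"constructed-demo-key"  # assumption: loaded from a secret store in practice
```

Because the pseudonym is keyed, a copy of the events held by the analytics provider cannot be joined back to accounts without the key, which stays with the first party.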
Extortion pressure and what happens next
A spokesperson for ShinyHunters told reporters that an extortion email has been sent only to Pornhub so far, and declined to specify how many other companies were caught up in the Mixpanel incident. That detail suggests the group may be selectively targeting brands where stolen data has greater blackmail value or reputational impact.
For affected companies, the next steps typically include incident scoping, forensic review, and notification decisions, alongside efforts to reduce future exposure—such as auditing what data is being sent to third parties, rotating credentials and API keys, and tightening logging and access policies around analytics pipelines.
For users, the incident is a reminder that privacy risks can extend beyond the sites they visit to the third-party services those sites rely on. As reporting continues to identify additional affected customers, the Mixpanel breach is shaping up as another example of how a compromise at a shared infrastructure provider can ripple across the broader consumer internet.

