Hacking group says it’s extorting Pornhub after stealing users’ viewing data

The hacking group Scattered Lapsus$ Hunters, which includes members of the ShinyHunters gang, claims it is attempting to extort Pornhub after allegedly stealing personal information belonging to the website’s premium members.

Pornhub confirmed on Friday that it was among several companies affected by a previous breach at Mixpanel, a widely used web and mobile analytics provider. The company said the breach exposed unspecified “analytics events” linked to some Pornhub Premium users.

On Monday, Bleeping Computer reported that it had reviewed a sample of the stolen data, which included personal information associated with Pornhub Premium members. The leaked information reportedly contained registered email addresses, user locations, activity types, videos and channels watched (including names and URLs), search keywords, and timestamps of the recorded events.

Mixpanel chief executive Jen Taylor did not respond to TechCrunch’s request for comment. A Pornhub spokesperson, who did not provide their name, also did not answer specific questions about the incident and instead referred TechCrunch to the company’s original public statement.

A spokesperson for the ShinyHunters gang told TechCrunch that the group has only sent an extortion email to Pornhub at this time. They declined to say how many other companies were impacted by the Mixpanel breach.

Mixpanel disclosed the breach on November 8, just before the U.S. Thanksgiving holiday, stating that its corporate customers were affected but did not identify which companies or provide details on the types of data involved. OpenAI later confirmed it was one of the affected customers, as did CoinTracker and SwissBorg.

Mixpanel’s website states it has around 8,000 customers, each with potentially millions of users whose data may have been exposed. The data stolen varies depending on how each company configured its Mixpanel implementation.

Mixpanel is typically used to monitor user behaviour across websites and apps, tracking clicks, views, navigation patterns, and other interactions. It can also collect device information such as screen size, connection type (Wi-Fi or cellular), and carrier name.

Scattered Lapsus$ Hunters is composed primarily of English-speaking hackers believed to reside in Western countries. The group has been linked to several significant data breaches this year, including attacks targeting Salesforce and Gainsight customers that affected hundreds of companies.

Also on Friday, SoundCloud confirmed that roughly 20% of its users were affected by “unauthorised activity in an ancillary service dashboard,” likely linked to the Mixpanel incident. SoundCloud said the stolen data includes email addresses and information already visible publicly on user profiles.