Hacker Group ‘ShinyHunters’ Claims to Have Stolen Pornhub User Data
A hacker group known as ‘ShinyHunters’ claims it has acquired sensitive personal information from users of Pornhub, a major adult entertainment platform. They are reportedly demanding a ransom payment in Bitcoin to prevent the release of this data, which could have serious repercussions for those affected.
As it stands, the full extent of this data breach remains unclear. However, Reuters managed to verify parts of the leaked information, with three former Pornhub Premium subscribers—two from Canada and one from the U.S.—confirming the authenticity of the data, even though it’s a few years old. These individuals requested anonymity due to the sensitive nature of the situation.
In a communication with Reuters, ShinyHunters stated, “We are demanding a ransom payment in Bitcoin to prevent publication.” They further urged, “Please delete the data.” Details on how the group accessed this user information were not disclosed.
Pornhub, which sees over 100 million daily visits and around 36 billion annually, is a leading site in the adult entertainment sector. Its premium offerings include high-definition videos, ad-free viewing, and virtual reality experiences.
On December 12, Pornhub issued a statement addressing a recent cybersecurity issue related to a third-party data analytics firm, Mixpanel. The incident reportedly took place within Mixpanel’s systems and affected some analytics data concerning a limited number of Pornhub Premium users. Mixpanel had initially reported this security issue on November 27.
Mixpanel later informed Reuters that they found no evidence linking the data claimed by ShinyHunters to their November incident. They asserted that the most recent access to Pornhub’s data by an authorized employee was in 2023. Even if the data has fallen into the wrong hands, Mixpanel maintains that it wasn’t due to a breach on their part.
ShinyHunters has a history of breaching high-profile companies, including Google. Recent reports have indicated ongoing concerns about persistent threat actor groups, and Google itself disclosed a breach affecting one of its corporate Salesforce instances earlier this year. That breach allowed attackers to briefly extract customer data, mostly consisting of publicly available business information.
The attackers involved have been designated by Google as “UNC6040” or “UNC6240.” However, sources closely tracking the situation confirmed that ShinyHunters was behind the breach. This group is notorious for its series of high-profile attacks on a range of organizations, including PowerSchool, Oracle Cloud, and others.





