December 16, 2025 – 6:42 PM PST
WASHINGTON (Reuters) – The hacking group known as “ShinyHunters” announced on Tuesday that they have obtained private data from premium users of Pornhub, a leading adult website, and are threatening to leak it.
While the exact details of the breach haven’t been confirmed by Reuters, the hackers shared a sample of the data, which the agency managed to partially verify.
At least three individuals who previously used Pornhub—two from Canada and one from the U.S.—have confirmed to Reuters that the data concerning them is genuine, even though it dates back several years. They chose to remain anonymous due to the sensitive nature of the situation.
ShinyHunters communicated via an online chat, stating, “We’re demanding a ransom payment in Bitcoin to prevent the publication of Pornhub data and to delete the data.”
So far, neither Pornhub nor its parent company, Ethical Capital Partners, based in Ottawa, Canada, have responded to inquiries. Cybersecurity site Bleeping Computer first reported on the breach.
Pornhub boasts over 100 million daily visits and around 36 billion annually, making it one of the most frequented platforms for adult content, especially videos, many of which are free.
The group claimed to possess data from 14 users of Pornhub’s premium service, which offers features like high-definition videos and ad-free access.
Reuters matched the information of six individuals within the ShinyHunters data to records from prior data breaches, some of which had been cataloged by the dark web intelligence entity District 4 Labs. Three people impacted confirmed to Reuters they had been signed up for Pornhub’s premium service at some point.
It remains unclear how ShinyHunters obtained the data, as they have not elaborated on the breach’s specifics.
Pornhub had previously released a statement on December 12 regarding a cybersecurity issue involving Mixpanel, a third-party data analytics provider, which it claimed impacted an undisclosed number of Pornhub Premium users. It noted the incident occurred within Mixpanel’s environment and was related to a limited set of analytics events for some users.
Mixpanel itself reported a cybersecurity incident on November 27 and stated that it was aware of Pornhub’s statement, but did not find evidence linking the data theft to their November incident.
The company clarified that Pornhub’s data was last accessed by a legitimate employee account in 2023 and that if unauthorized parties have the data, it likely didn’t result from a Mixpanel security breach.
ShinyHunters, however, insisted that the data was associated with the recent Mixpanel incident. Mixpanel countered this assertion, saying it had conducted a thorough investigation involving external cybersecurity experts and informed all impacted clients.
“We are confident Pornhub was not among those clients and that this data is unrelated to the November incident,” a company spokesperson mentioned in an email.
ShinyHunters is recognized for a series of significant hacks and extortion attempts recently, including incidents involving customer data from Salesforce and high-end retailers in the UK.
