Pornhub is facing significant backlash after the hacking group ShinyHunters claimed responsibility for a large data breach. They reportedly stole about 94GB of information linked to over 200 million records and are now demanding a ransom in Bitcoin.
BleepingComputer has reported that the hackers threatened to release this data unless their demands are met. While Pornhub has acknowledged the incident, they maintain that their core systems remain secure and uncompromised.
Details of the Data Breach
The data allegedly stolen by ShinyHunters primarily pertains to Pornhub Premium users. Although it doesn’t include financial information, it does encompass sensitive activity details.
The records supposedly contain:
- email addresses
- types of activities
- positions
- video URLs and names
- keywords associated with the videos
- timestamps of activities
This activity log may reveal whether users watched or downloaded videos or followed certain channels. The inclusion of search history raises considerable privacy concerns if this data is exposed.
Previous Incidents Related to Mixpanel
This breach seems linked to a prior security incident in November involving Mixpanel, a data analytics vendor that had collaborated with Pornhub. Although Mixpanel experienced a smishing attack that enabled access to its system, they claim there’s no evidence that Pornhub’s data was obtained during that time. Pornhub also mentioned they stopped working with Mixpanel in 2021, suggesting that the stolen data is somewhat dated. Some Pornhub users have confirmed their data is accurate but outdated, consistent with Mixpanel’s timelines.
Pornhub’s Response
Pornhub moved quickly to reassure its user base. In their security notice, they stated:
“This was not a breach of Pornhub Premium’s systems. Passwords, payment details, and financial information were kept secure and were not compromised.”
This clarification helps alleviate concerns about immediate financial fraud. However, the exposure of users’ viewing habits and search activity poses long-term privacy risks. Efforts to reach Pornhub for further clarification went unanswered by the deadline.
ShinyHunters’ Continued Threat
ShinyHunters is attributed with several major data breaches this year. They heavily utilize social engineering tactics, like phishing and smishing, to access corporate systems. Once they breach these systems, they typically steal large amounts of data and leverage extortion threats to compel companies into paying ransoms. This strategy has had broad ramifications for businesses and users globally.
Pornhub’s Warning to Premium Users
In a recent update, Pornhub cautioned its Premium members about potential direct contact from cybercriminals. With adult platforms, instances of attempted sextortion are not uncommon, where criminals threaten to reveal private activities unless victims pay a fee.
“We are aware that those responsible for this incident might reach out directly to affected Pornhub Premium users. You might receive emails claiming to contain your personal information. Please remember, we will never request your password or payment information via email.”
Pornhub remains one of the most frequented adult video platforms, offering users the option to view content anonymously or create accounts to upload and interact with videos.
Steps to Enhance Security After a Data Breach
Even if the compromised data is outdated, it’s sensible for users to bolster their digital security now.
1) Update Your Password
Start by changing your Pornhub password. Then, change the password linked to your email or payment account associated with it. Password managers can simplify the creation and storage of strong, unique passwords.
Moreover, check if your email has been compromised in previous breaches. Some password managers include a built-in breach scanner to see if your email or password matches any recent breaches. If they do, it’s crucial to change those passwords and secure your accounts with new ones.
2) Stay Vigilant Against Phishing Attempts
Data breaches often pave the way for tracking fraud. Be cautious of emails, texts, and phone calls mentioning issues with your Pornhub account. Avoid clicking on links or sharing personal information unless you’re sure of the source. Using robust antivirus software can add an extra layer of protection against malicious links and downloads.
3) Utilize Data Deletion Services
Data deletion services can help remove personal information from data broker sites that catalog and sell details like email addresses and online identities. This is particularly crucial after a breach involving user activities, as limiting publicly available information about you reduces the risk of targeted phishing and identity theft.
4) Consider Identity Theft Protection
Identity theft protection services can monitor your personal information, alerting you if it’s detected on the dark web or used to open accounts fraudulently. Early awareness can help mitigate damage, allowing you to take actions such as freezing bank accounts if necessary.
5) Use a VPN for Enhanced Privacy
A VPN can offer additional security by masking your IP address and encrypting your internet traffic, which is especially relevant when activity data could reveal your location. While it won’t erase past data exposures, it will help in minimizing new ones, thereby maintaining your overall digital footprint.
In Summary
Pornhub’s substantial data breach brings to light how user information can remain vulnerable over extended periods. Although critical financial details weren’t exposed, the potential fallout from leaked activity data is significant. ShinyHunters has shown they’re willing to escalate threats, highlighting the importance of staying vigilant regarding online security.
