According to TheRegister.com, analytics vendor Mixpanel is forcefully denying that it was the source of data stolen from Pornhub, which the adult site had previously blamed on the provider. The data, which extortion crew ShinyHunters claims includes users’ search and video-watching histories, was allegedly last accessed by a legitimate employee account at Pornhub’s parent company, Aylo, back in 2023. This follows a security incident Mixpanel disclosed in November 2025 involving a “smishing campaign” detected on November 8th that affected some OpenAI customers. Pornhub had initially pointed the finger at Mixpanel in a December 12th notice to users, stating the breach involved “select Premium users’” data, but has since walked back mentions of other companies like Google and ChatGPT in its communications. Aylo declined to answer specific questions, only stating it stands by its original alert.
The Finger-Pointing Game
Here’s the thing: when a data breach happens, the initial blame game is almost always messy. Pornhub’s parent company, Aylo, quickly pointed at its third-party analytics vendor. But Mixpanel’s rebuttal is pretty specific and damaging. They’re not just saying “wasn’t us”; they’re saying the data trail leads directly back to a Pornhub employee’s account from two years ago. That’s a huge shift in the narrative. It makes you wonder: was this a case of credential phishing from that 2023 account, or something more deliberate? A source told The Register the data’s structure looked like a “regular data export,” which really leans into the insider possibility. This feels eerily similar to the CrowdStrike incident last month, where a fired employee was feeding info to hackers.
Stakeholders Left In The Dark
So who’s left holding the bag? The “select Premium users,” for starters. Having your search and viewing history on a site like that leaked is a profound privacy violation, full stop. But there’s a wider impact here on trust in the data analytics ecosystem. Companies like Mixpanel are embedded in thousands of apps, processing incredibly sensitive user behavior data. If enterprises start doubting the security postures of these vendors, or worse, if vendors can’t trust their clients to secure their own access credentials, the whole model gets shaky. For any business relying on third-party analytics, this is a stark reminder to audit not just your vendor’s security, but your own internal access controls and data export logs. It’s a chain, and the weakest link might be in your own office.
The Smishing Connection
Mixpanel’s own security issue, that November smishing campaign, adds another layer of intrigue. Smishing is the go-to move for groups like ShinyHunters and Scattered Lapsus$ Hunters to grab employee logins. Is it possible that the same crew phished a Pornhub employee way back in 2023, sat on the data, and is only now using it for extortion? Absolutely. Or, did they get it more recently from a different source? The fact that ShinyHunters won’t say how or when they got it is telling. They’re letting the two companies squabble publicly, which only increases the pressure and embarrassment.
