According to Forbes, a cybersecurity incident in late 2025 involving third-party analytics provider Mixpanel has impacted Pornhub Premium users, with hackers claiming to have stolen 94GB of data containing 201,211,943 records. The stolen data reportedly includes detailed historical search, watch, and download activity for Premium members. Pornhub confirmed the incident on December 12 but stressed it was not a breach of its own systems, and that passwords and payment details remain secure. The notorious ShinyHunters cybercrime group is behind the extortion attempt, having sent a demand to Pornhub. Both Pornhub and Mixpanel have launched investigations, with Mixpanel disputing the data came from its November 2025 security incident, noting the data was last legitimately accessed by an employee of Pornhub’s parent company in 2023.
The real damage isn’t financial
Here’s the thing: Pornhub saying “financial information is safe” is almost beside the point. For the users affected, the exposure of their intimate viewing habits is the core nightmare. This isn’t credit card numbers. It’s deeply personal behavioral data that fuels the worst kind of blackmail. We’re talking about the perfect fuel for sophisticated sextortion scams, where criminals can now credibly claim to know exactly what you’ve been watching. The threat to share that with your contacts becomes terrifyingly real. It’s a privacy violation on a profoundly personal level.
A game of hot potato with your data
Now, the source of the leak is turning into a messy blame game. Mixpanel, the analytics firm, is pushing back hard. They say their own November 2025 security incident isn’t the source, and that the data was last accessed by a legitimate Pornhub parent company account back in 2023. Basically, they’re implying the data might have been siphoned from Pornhub’s own internal access to Mixpanel’s tools. Pornhub, of course, says it’s a Mixpanel incident. To the user whose data is now on a hacker’s server, this corporate finger-pointing is meaningless. The data is out. As BleepingComputer reports, a sample shows the analytic events contained a “large amount of sensitive information” a user would never want public.
Why this breach is uniquely toxic
Security expert Ilia Kolochenko nailed it: this could “dethrone” the infamous 2016 Adult Friend Finder breach. Why? Scale and specificity. Over 200 million records of *activity*, not just email addresses. It’s a map of private desire for a huge chunk of the internet. This creates a persistent, long-term risk. These records won’t expire like a credit card. The extortion potential is evergreen. Users need to be hyper-vigilant for phishing and sextortion emails that are now backed with frighteningly accurate details. Sextortion scams are already common, but this data makes them infinitely more convincing and dangerous.
The trust in third parties crumbles again
So what’s the lesson? It’s another brutal reminder of data sprawl. A company can have solid security for its core systems, but the moment it sends user data to a third-party analytics provider, that data inherits the security posture of that vendor. And in the tech stack, every added service is a potential new attack vector. For enterprises in any sector—whether handling sensitive consumer data or critical industrial information—this is a wake-up call. You’re only as strong as your weakest vendor. It demands rigorous vetting and continuous monitoring of all third-party data handlers. The blast radius of a breach at a single analytics firm can be catastrophic for hundreds of their clients, as we’re seeing now.
