Hackers Claim Stealing 94GB of Pornhub Premium User Watch Histories

A major privacy breach has surfaced involving the personal viewing histories of millions of people who once held Pornhub Premium accounts. The cybercriminal gang ShinyHunters claims to have stolen a 94GB database containing over 200 million records (201,211,943 to be precise) of user searches, downloads, and video activity. They’ve already launched an extortion campaign, reportedly demanding ransom in Bitcoin.

According to researchers at digital risks and vulnerabilities management firm Rescana, the trouble began with a security lapse at Mixpanel, a third-party company that tracks website analytics. This is the same company whose breach impacted OpenAI and exposed its API user data last month.

As per Rescana’s blog post and Mixpanel’s official security notice, the breach began on November 8, 2025, when hackers used a smishing attack (sending deceptive text messages to employees to steal their login details) to gain unauthorised access to Mixpanel’s systems.

****Sensitive Data and Extortion****

The stolen files contain deeply private records. According to BleepingComputer, which reviewed samples of the data, the records include:

• Email addresses and approximate locations (city and country).
• Activity details like video names, URLs, and search keywords.
• Timestamps showing when each video was watched or downloaded.

The hackers are already sending extortion emails to affected companies, threatening to leak everything unless they’re paid. It’s worth noting, though, that Pornhub’s own internal systems weren’t directly hacked. The platform has confirmed that sensitive stuff like passwords and credit card details are still secure.

****Verifying the Stolen Data****

To prove the data is real, ShinyHunters shared records from 14 users of Pornhub’s Premium tier. Reuters confirmed the info was authentic after matching details for six of those people against previous leaks held by the firm District 4 Labs. Three of those individuals confirmed they were, in fact, former subscribers. While the hackers won’t say exactly how they got the files, these findings prove real user info is out there.

****Conflicting Reports on Data Access****

It is worth noting that, according to Pornhub’s statement, it officially stopped using Mixpanel in 2021, so these records are at least four years old. But here’s where the story gets messy: the two companies now disagree on what actually happened.

While Pornhub initially blamed the Mixpanel breach, as of December 16, 2025, it has removed those mentions from its official advisory. On that same day, Mixpanel claimed the data was actually last accessed in 2023 by a “legitimate employee account” belonging to Pornhub’s parent company, Aylo. This suggests a separate account compromise rather than a direct hit on the analytics provider’s servers.