Skip to content
Supply chainOngoing

Leak at PornHub

On 16 December 2025, adult-content platform Pornhub disclosed that historical analytics data on select Premium users — including email addresses and search/viewing history — was stolen via third-party provider Mixpanel; ShinyHunters claimed ~200 million records and demanded a ransom.

Victim
PornHub
SectorMedia

On 16 December 2025, Pornhub — one of the world's largest adult-content platforms, operated by Aylo (formerly MindGeek) — confirmed that historical user analytics data had been stolen and was being used in an extortion attempt. The company stressed that "this was not a breach of Pornhub Premium's systems": the data was taken from Mixpanel, a third-party analytics provider Pornhub stopped using in 2021, meaning the exposed records are several years old.

The extortion group ShinyHunters claimed responsibility, advertising roughly 94 GB of data and a figure of around 200 million Premium-user records (a specific claim of 201,211,943), and demanded a cryptocurrency ransom under threat of public release. Mixpanel has disputed the scale of the claim, and the exact number affected remains unverified.

Exposed data categories reported include:

  • Email addresses
  • Search and viewing history (keywords, video names/URLs)
  • Activity type (watched, downloaded, viewed a channel) with timestamps
  • Approximate location data

Pornhub stated that passwords, payment details and other financial information were not affected. The company opened an internal investigation, engaged Mixpanel and the relevant authorities, and advised affected Premium users to enable multi-factor authentication and watch for suspicious activity. As of disclosure, the incident remained under active investigation.

Sources

  1. help.pornhub.comhttps://help.pornhub.com/hc/en-us/articles/47334442459283-Important-Message-From-Pornhub
  2. cybersecuritynews.comhttps://cybersecuritynews.com/pornhub-breached/
  3. euronews.comhttps://www.euronews.com/next/2025/12/18/pornhub-investigates-hack-affecting-data-of-more-than-200-million-users

Related incidents

Supply chainContained

Leak at Crunchyroll

On 24 March 2026, anime streaming service Crunchyroll confirmed a data breach traced to a compromised third-party support vendor (Telus), exposing customer support-ticket data — names, emails, IP addresses and partial payment-card details — with a hacker claiming ~8M ticket records and ~6.8M unique email addresses.

Victim
Crunchyroll
Supply chainContained

Leak at Le Point

On 18 November 2024, French news magazine Le Point disclosed a breach traced to a compromised subscriber-management subcontractor, exposing the names, postal/email addresses and phone numbers of an estimated 900,000 current and former readers.

Victim
Le Point
Supply chainContained

Data leak at UFOLEP (via Exalto)

On 10 December 2025, UFOLEP — the French multi-sport federation — disclosed that a compromised account on its third-party licence-management provider Exalto exposed at least 3,624 member records, including identity, contact and legal-guardian details.

Victim
UFOLEP
Records
3.6K