Hacking group ‘ShinyHunters’ threatens to expose premium users of sex site Pornhub

WASHINGTON, USA – The hacking group “ShinyHunters” said on Tuesday, December 16, it has stolen data belonging to premium customers of the leading sex website Pornhub and is threatening to publish it.

Although Reuters could not immediately establish the scope, scale, or details of the breach, the hackers provided a sample of the data which the news agency was able to partially authenticate.

At least three former Pornhub customers — two men in Canada and a man in the US — confirmed to Reuters that the data pertaining to them was authentic, albeit several years old. They spoke on condition of anonymity given the sensitivity of the matter.

“We’re demanding a ransom payment in Bitcoin to prevent the publication of [Pornhub] data and delete the data,” ShinyHunters told Reuters in an online chat.

Pornhub and its corporate owners, the Ottawa, Canada-based Ethical Capital Partners, did not return messages. News of the breach was reported earlier by cybersecurity news site Bleeping Computer.

Pornhub, which claims more than 100 million daily visits and 36 billion visits per year, is one of the web’s most popular purveyors of sexual content, particularly videos, many of which are free to view.

ShinyHunters shared data from what it said were 14 users of Pornhub’s premium service, which offers high-definition videos, ad-free watching, and virtual reality.

Reuters was able to match the details of six people in the ShinyHunters’ data to information dumped online during previous data breaches and preserved by the dark web intelligence firm District 4 Labs. Three of the affected people confirmed to Reuters that they had, at one point, been signed up to Pornhub’s premium service.

Reuters could not immediately ascertain how ShinyHunters acquired the data. ShinyHunters said they would not go into detail about the breach.

In a statement issued on December 12, Pornhub disclosed what it said was a recent cybersecurity incident involving third-party data analytics provider Mixpanel which affected an undisclosed number of Pornhub Premium users. The statement said the incident occurred in Mixpanel’s environment and involved a “limited set of analytics events for some users.”

Mixpanel, which offers its clients detailed visibility into user data and activities, disclosed a cybersecurity incident on November 27.

The company said in a statement provided to Reuters on Tuesday that it was aware of Pornhub’s statement, but that it “can find no indication that this data was stolen from our November 2025 security incident or otherwise.”

Pornhub’s data with Mixpanel was last accessed by “a legitimate employee account at Pornhub’s parent company in 2023,” according to the statement. “If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel.”

ShinyHunters told Reuters the data was connected to the recent Mixpanel incident. Mixpanel denied ShinyHunters’ claim, saying the company had done a thorough investigation into the November incident with external cybersecurity experts and notified all affected clients.

“We are confident Pornhub was not among those clients and that this data is unrelated to the November incident,” a spokesperson for the company said in an email.

ShinyHunters is an established hacking group linked to a string of high-profile hacks and extortion attempts in recent months, including data on customers of Salesforce and luxury retailers in the U.K. – Rappler.com