Pornhub suffers massive user data breach exposing 200 million records

Pornhub is dealing with new fallout after hacking group ShinyHunters claimed responsibility for a massive breach of user data. The group says it stole 94GB of data linked to more than 200 million records and is now attempting to extort the company for a ransom in Bitcoin.

According to a report by BleepingComputer, the hackers say they will release the data if their demands are not met. Pornhub acknowledged the situation but maintains that its core systems were not breached.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM fact sheet

DATA BREACH EXPOSES THE INFORMATION OF 400,000 BANK CUSTOMERS

What data ShinyHunters claims to have stolen

ShinyHunters says the exposed data focuses on Pornhub Premium users. While no financial information was included, the data set still contains highly sensitive activity details.

The group claims the stolen records include:

• Email addresses
• Type of activity
• Location
• Video URLs and video names
• Keywords linked to videos
• Timestamps showing when the activity occurred.

Activity logs reportedly show whether a user watched or downloaded a video or viewed a channel. Search histories are also included, raising serious privacy concerns if the data becomes public.

How Mixpanel is connected to the violation

The alleged breach appears to be related to a separate security incident in November involving Mixpanel, a data analytics provider that previously worked with Pornhub. That previous violation occurred after a crushing attack gave threat actors access to Mixpanel systems. However, Mixpanel says it does not believe Pornhub’s data came from that incident. The company stated that it found no evidence that data was taken during its November 2025 breach. Pornhub has also clarified that it stopped working with Mixpanel in 2021. That means the stolen data would be several years old. Reuters contacted some Pornhub customers to verify the claims. Those users confirmed that the data linked to their accounts was accurate but out of date, which aligns with Mixpanel’s timeline.

What Pornhub says was not exposed

Pornhub acted quickly to reassure users following the reports. In a security advisory, the company said:

“This was not a breach of Pornhub Premium’s systems. Passwords, payment details and financial information remain secure and were not exposed.”

That distinction reduces the immediate risk of financial fraud. However, exposing viewing habits and search activity still carries long-term privacy risks. We reached out to Pornhub for comment but did not hear back by deadline.

Why ShinyHunters is still a serious threat

brighthunters has been linked to some of the most disruptive data breaches this year. The group relies heavily on social engineering tactics such as phishing and smiling to gain access to corporate systems. Once inside, the group often steals large data sets and uses extortion threats to pressure companies to pay ransoms. This strategy has affected companies and users around the world.

PASSWORD MANAGER FINED AFTER MAJOR DATA BREACH

Pornhub warns Premium members about direct contact from hackers

Pornhub has updated its online statement to warn Premium members about possible direct contact from cybercriminals. In cases involving adult platforms, this type of approach often becomes Sextortion attemptswhere criminals threaten to expose private activity unless victims pay.

“We are aware that the people responsible for this incident have threatened to contact affected Pornhub Premium users directly. Therefore, you may receive emails claiming that they have your personal information. As a reminder, we will never ask you for your password or payment information via email.”

Pornhub remains one of the most visited adult video platforms in the world. People can view content anonymously or create accounts to upload videos and interact with them.

PETCO CONFIRMS A MAJOR DATA BREACH INVOLVING CUSTOMERS

Ways to stay safe after a data breach

Even if the data is several years old, users should take this opportunity to strengthen their digital security.

1) Change your passwords

Start by updating your Pornhub password. Next, change the password for any email or payment account linked to it. Using a password manager makes it easy to create and store strong, unique passwords.

Next, check to see if your email has been exposed in previous breaches. Our #1 password manager pick (see Cyberguy.com/Passwords) includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

2) Stay alert for phishing attempts and install strong antivirus software

Data breaches often lead to subsequent scams. Be wary of emails, texts, or phone calls that reference Pornhub or account issues. Avoid clicking on links, downloading attachments, or sharing personal information unless you can verify the source. Installing a powerful antivirus program adds another layer of defense against malicious links and downloads.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com

3) Use a data deletion service to limit future exposure.

Data removal services work to remove your personal information from data broker websites that collect and sell details such as email addresses, locations, and online identifiers. If leaked data from this breach is shared, resold, or cross-referenced with broker databases, deleting your information can make it much more difficult for scammers to connect it to you.

This step is especially important after high-profile breaches involving activity data. Reducing what is publicly available about you reduces the risk of spear phishing, spoofing, and long-term privacy damage.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com/FreeScan

4) Consider identity theft protection

Identity theft companies can monitor personal information such as your social security number (SSN), phone number, and email address and alert you if it is sold on the dark web or used to open an account. Early warnings can help limit damage if your data comes to light. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best options on how to protect yourself from identity theft at Cyberguy.com

5) Add extra privacy protection with a VPN

A VPN helps protect your browsing activity by masking your IP address and encrypting your Internet traffic. This is especially relevant in breaches like this one, where the exposed activity data may include location signals or usage patterns. While a VPN can’t erase past exposure, it reduces the amount of new information that will be visible in the future and makes it more difficult to link future activity to you. Consistent use of a VPN can also limit cross-site tracking, helping to reduce your overall digital footprint after a breach.

For the best VPN software, check out my expert review of the best VPNs for private web browsing on your Windows, Mac, Android and iOS devices in Cyberguy.com

CLICK HERE TO DOWNLOAD THE News APP

Kurt’s Key Takeaways

Pornhub’s massive data breach highlights how long stored user information can remain a risk. While passwords and payment details were not exposed, activity data can still be harmful if disclosed. ShinyHunters has shown that it is willing to apply pressure through public threats. As a result, you must remain alert and proactive about your online security.

Should companies be allowed to store years of user activity data once it is no longer needed? Let us know by writing to us at Cyberguy.com

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

Copyright 2025 CyberGuy.com. All rights reserved.