'ShinyHunters' have been linked to a series of high-profile hacks. Photo: 123RF
By AJ Vicens and Raphael Satter, Reuters
- Hackers say they have Pornhub user data, demand Bitcoin ransom
- ShinyHunters have history of extortion attempts against a series of customers
- Reuters was able to partially authenticate some of the stolen data
Hacking group 'ShinyHunters' say they have stolen data belonging to premium customers of leading sex website Pornhub and threatens to publish it.
Although Reuters could not immediately establish the scope, scale or details of the breach, the hackers provided a sample of the data, which the news agency was able to partially authenticate.
At least three former Pornhub customers - two men in Canada and a man in the United States - confirmed to Reuters that the data pertaining to them was authentic, albeit several years old. They spoke on condition of anonymity, given the sensitivity of the matter.
"We're demanding a ransom payment in Bitcoin to prevent the publication of data and delete the data," ShinyHunters told Reuters.
Pornhub and its corporate owners - the Ottawa, Canada-based Ethical Capital Partners - did not return messages. News of the breach was reported earlier by cybersecurity news site Bleeping Computer.
Pornhub, which claims more than 100 million daily visits and 36 billion visits per year, is one of the web's most popular purveyors of sexual content, particularly videos, many of which are free to view.
ShinyHunters shared data from what they said were 14 users of Pornhub's premium service, which offers high-definition videos, ad-free watching and virtual reality.
Reuters was able to match the details of six people in the ShinyHunters data to information dumped online during previous data breaches and preserved by dark web intelligence firm District 4 Labs. Three of the affected people confirmed to Reuters that they had, at one point, been signed up to Pornhub's premium service.
Reuters could not immediately ascertain how ShinyHunters acquired the data. ShinyHunters said they would not go into detail about the breach.
On 12 December, Pornhub disclosed a recent cybersecurity incident involving third-party data analytics provider Mixpanel, which affected an undisclosed number of Pornhub Premium users. It said the incident occurred in Mixpanel's environment and involved a "limited set of analytics events for some users".
Mixpanel, which offers its clients detailed visibility into user data and activities, disclosed a cybersecurity incident on 27 November.
The company told Reuters it was aware of Pornhub's statement, but that it "find no indication that this data was stolen from our November 2025 security incident or otherwise".
Pornhub's data with Mixpanel was last accessed by "a legitimate employee account at Pornhub's parent company in 2023", Mixpanel said.
"If this data is in the hands of an unauthorised party, we do not believe that is the result of a security incident at Mixpanel."
ShinyHunters told Reuters the data was connected to the recent Mixpanel incident. Mixpanel denied ShinyHunters' claim, saying the company had done a thorough investigation into the November incident with external cybersecurity experts and notified all affected clients.
"We are confident Pornhub was not among those clients and that this data is unrelated to the November incident," a spokesperson for the company said.
ShinyHunters are an established hacking group, linked to a string of high-profile hacks and extortion attempts in recent months, including data on customers of Salesforce and luxury retailers in the UK.
- Reuters
