The Express Gazette
Friday, December 26, 2025

Pornhub says data from more than 200 million users may have been exposed in analytics breach

The breach centers on a third-party analytics provider, not Pornhub’s core systems; passwords and government IDs were not compromised, according to the company and investigators.


Pornhub disclosed that an unauthorized party gained access to analytics data stored with Mixpanel, a third-party analytics provider, potentially exposing a limited set of records that show how some users interacted with the site. The company said the breach could affect more than 200 million premium users, whose activity data—rather than passwords or government IDs—may have been accessed. The admission came as Pornhub publicly notified affected users and launched an internal investigation and a review with cybersecurity experts and authorities.

More than a dozen hours after the disclosure, Pornhub clarified that the breach did not involve its own systems directly. In its statement, the company emphasized that passwords, payment information and other sensitive credentials were not compromised and that the unauthorized access was restricted to analytics data housed by Mixpanel. The company added that it has since secured the affected account and stopped the unauthorized access. The timing of the breach aligns with a November incident involving Mixpanel, according to the company, which said it learned of the issue on December 12.

The data set linked to the breach includes email addresses, location, video titles, search keywords, activity types and timestamps for more than 200 million entries, according to reports cited by security outlets. Hackers claimed to have infiltrated the Mixpanel system and to have access to a broad dataset associated with Pornhub Premium analytics. The breach has drawn attention to the broader risks associated with third-party analytics providers and the potential for data-footprint exposure even when a site’s own systems are not compromised. BleepingComputer reported that the extortion group ShinyHunters claimed responsibility for the intrusion and publicized what it described as Pornhub Premium analytics data, while naming several large tech companies as alleged victims in a broader campaign.

Pornhub stressed that the compromised data relates to analytics events and not to user passwords or identity documents. The company said it has alerted affected users and advised them to be vigilant against phishing attempts or suspicious communications that might try to exploit the exposed information. It also noted that it has engaged external cybersecurity partners to remediate the incident and that authorities have been notified as part of the ongoing investigation.

Mixpanel, for its part, said it took steps to contain and eradicate unauthorized access and to secure affected user accounts. In a statement, Mixpanel said it was unable to independently verify that the Pornhub data being circulated came from its November incident and stressed that it has since worked with its partners to address the breach. The company’s CEO, Jen Taylor, said, "We took comprehensive steps to contain and eradicate unauthorized access and secure impacted user accounts. We engaged external cybersecurity partners to remediate and respond to the incident." The statement underscored the importance of rapid containment and ongoing remediation in analytics ecosystems that rely on third-party connectors.

Pornhub also noted that it has not worked with Mixpanel since 2023, meaning the stolen records are from 2023 or earlier. The company’s disclosure indicates that while the breach exposed a substantial dataset, it did not involve a direct compromise of Pornhub’s own databases or the core authentication framework. The distinction matters because it suggests the risk lies more in analytics telemetry than in the kinds of sensitive user credentials that would enable account hijacking. Nevertheless, the company warned that even analytics data can be leveraged in targeted phishing campaigns or credential-stuffing attempts if attackers possess email addresses and usage patterns.

The industry has been watching how sites that rely on third-party analytics manage risk, especially when data streams can include identifiers that link back to user accounts. In this case, Pornhub’s response emphasizes rapid containment, user notification, and collaboration with cybersecurity professionals and authorities to limit potential harm. The incident also raises questions about the extent to which third-party analytics services maintain robust access controls and how long legacy data repositories can remain exposed after an incident is discovered.

As investigators continue to determine the full scope of the breach, Pornhub reiterated that it is reviewing its vendor practices and data governance policies to prevent a recurrence. The company avoided broad statements about potential liabilities or financial impacts, focusing instead on the actions being taken to secure affected accounts and limit any further data exposure. Industry observers expect ongoing updates as more specifics emerge about the source of the breach, the extent of the data exposure, and the timeline of events that led to the disclosure.

For users, the immediate guidance remains to monitor accounts vigilantly for unusual activity and to stay alert to phishing schemes that may attempt to exploit the leaked analytics data. While the incident underscores the risk posed by third-party services, it also demonstrates the importance of transparent communication by platforms in the wake of a security event and the role of independent cybersecurity firms and law enforcement in responding to sophisticated threats in the digital ecosystem.

