‘Pay or we’ll publish’: Hacking group ShinyHunters threatens to expose premium users of sex site Pornhub

WASHINGTON, Dec 16 — The hacking group “ShinyHunters” said on Tuesday it had stolen data belonging to premium customers of leading adult website Pornhub and was threatening to publish it.

Although Reuters could not immediately establish the scope or scale of the breach, the hackers provided a sample of data that the news agency was able to partially authenticate.

At least three former Pornhub customers — two men in Canada and one man in the US — confirmed to Reuters that the data relating to them was genuine, though several years old, and spoke on condition of anonymity given the sensitivity of the matter.

“We’re demanding a ransom payment in Bitcoin to prevent the publication of data and delete the data,” ShinyHunters told Reuters in an online chat.

Pornhub and its corporate owner, Ottawa-based Ethical Capital Partners, did not respond to requests for comment.

News of the breach was first reported by cybersecurity news site Bleeping Computer.

Pornhub, which says it receives more than 100 million daily visits and 36 billion visits a year, is one of the web’s most popular providers of sexual content.

ShinyHunters shared data from what it said were 14 users of Pornhub’s premium service, which offers high-definition videos, ad-free viewing and virtual reality features.

Reuters was able to match details of six individuals in the data to information previously leaked online during earlier breaches and preserved by dark web intelligence firm District 4 Labs.

Three of those affected confirmed to Reuters that they had previously subscribed to Pornhub’s premium service.

Reuters could not immediately determine how ShinyHunters obtained the data, and the hacking group declined to provide details.

In a statement issued on December 12, Pornhub disclosed a recent cybersecurity incident involving third-party data analytics provider Mixpanel, which it said affected an undisclosed number of Pornhub Premium users.

Pornhub said the incident occurred within Mixpanel’s environment and involved a limited set of analytics events for some users.

Mixpanel disclosed its own cybersecurity incident on November 27.

In a statement to Reuters, Mixpanel said it was aware of Pornhub’s disclosure but found no indication that the data was stolen from its November 2025 security incident.

The company said Pornhub’s data in Mixpanel was last accessed by a legitimate employee account at Pornhub’s parent company in 2023.

“If this data is in the hands of an unauthorised party, we do not believe that is the result of a security incident at Mixpanel,” the company said.

ShinyHunters told Reuters the data was linked to the recent Mixpanel incident, a claim Mixpanel denied.

Mixpanel said it had conducted a thorough investigation with external cybersecurity experts and notified all affected clients.

“We are confident Pornhub was not among those clients and that this data is unrelated to the November incident,” a company spokesperson said.

ShinyHunters is an established hacking group linked to a series of high-profile hacks and extortion attempts in recent months, including breaches involving customers of Salesforce and luxury retailers in the UK. — Reuters