Pornhub Premium Users Targeted in Mixpanel Analytics Breach
A notorious hacking collective is now attempting to extort the adult entertainment giant following a widespread data leak involving a popular analytics provider.
The cybercriminal group Scattered Lapsus$ Hunters, which includes members of the infamous ShinyHunters gang, is targeting Pornhub after allegedly stealing personal information belonging to the site’s premium members. While the breach may seem isolated to one company, it exposes a much larger vulnerability within the digital ecosystem used by thousands of businesses, including major tech players like OpenAI.
The Anatomy of the Leak
Pornhub confirmed the breach originated not from its own servers, but from Mixpanel, a widely used analytics provider. Mixpanel’s platform allows companies to track user behavior—essentially watching what users click, view, and swipe across websites and apps. On November 8, Mixpanel admitted to a security incident affecting its corporate customers, though it initially kept the full scope private.
The stolen data, viewed by Bleeping Computer, is alarmingly specific. For Pornhub Premium members, it includes:
- Personal Identifiers: Registered email addresses and location data.
- Explicit Viewing Habits: Specific video names, channels watched, search keywords, and the exact date and time these events occurred.
A Parent Company’s Security Failure
Mixplane CEO Jen Taylor clarified the situation on December 23, noting that the Pornhub leak relates to a 2023 data export. Crucially, Taylor stated the breach occurred due to compromised credentials belonging to an employee at Pornhub’s parent company rather than a direct hack of Mixplane’s infrastructure.
This highlights a critical failure in basic cyber hygiene. Taylor admitted that Mixplane does not require customers to enable multi-factor authentication (MFA) for accessing their accounts. Without MFA, a single compromised password is all that is needed to access vast amounts of user data, leaving companies reliant on the security practices of their vendors.
A Widespread Ecosystem Risk
While Pornhub is the current target of extortion, the Mixplane breach has far-reaching implications. Mixplane serves approximately 8,000 customers, and the type of data stolen varies based on how each client configures their tracking. Generally, this includes device information, IP addresses, and detailed user journey logs.
Other confirmed victims of the Mixplane incident include OpenAI, CoinTracker, and SwissBorg. In a separate but related incident, SoundCloud confirmed that roughly 20% of its user base was affected by unauthorized access via an ancillary service dashboard, likely linked to the same breach vector.
The Takeaway
This incident serves as a stark reminder of the “supply chain” nature of modern cyberattacks. Even if a company like Pornhub fortifies its own defenses, a vulnerability in a third-party partner like Mixplane can instantly expose sensitive user data. For businesses, the lesson is clear: vetting partners for mandatory security features like MFA is no longer optional. For users, it reinforces the reality that personal data—especially browsing habits—is a valuable commodity in the hands of hackers.
No Comments