Users alarmed after Pornhub was linked to data breach that affected OpenAI
A cyberattack that impacted the ChatGPT maker OpenAI has also impacted adult content behemoth Pornhub. The hackers claiming responsibility say they have the browsing histories of Premium Pornhub users.
-
Pornhub and OpenAI experienced third-party data exposure through analytics provider Mixpanel.
-
Hackers claim that around 200 million Pornhub records were affected.
-
Security experts warn of creative blackmail tactics, including potential poisoning of AI models with stolen sensitive user data.
-
Pornhub said that no passwords, credentials, payment details, or government IDs were compromised.
The list of victims of the cyber incident at data analytics provider Mixpanel is growing. On December 12th, Pornhub released a data breach notice saying that an attack on its third-party data analytics provider had affected “select Premium users.”
Even though the company claims that it has not worked with Mixpanel since 2021, the breached data includes “a limited set of analytics events for some users.”
However, Pornhub claims the breach has not affected Pornhub Premium’s systems.
“If the allegations that 201,211,943 records of Pornhub’s premium users were compromised – including detailed historical search, watch, and download activity – are true, this data breach may dethrone the notorious data breach of AFF in 2016,”
said Ilia Kolochenko.
“No passwords, credentials, payment details, or government IDs were compromised or exposed,” states the company in a notice.
After Mixpanel informed Pornhub about the cyber incident, the adult content provider states that it has conducted an internal investigation to determine the scope of the data breach.
ShinyHunters claims responsibility
ShinyHunters, a notorious cyber gang, has claimed responsibility for this high-end breach. Emails sent to media outlets suggest that the ShinyHunters cybercrime group began actively extorting Mixpanel customers last week.
ShinyHunters later confirmed to BleepingComputer that it was behind the extortion campaign, asserting that the stolen dataset includes over 200 million records of Pornhub users, collected through analytics events sent to Mixpanel.
The records reportedly include Pornhub Premium members’ email addresses, activity types, locations, video URLs, video titles, associated keywords, and precise timestamps showing when the activity occurred. ShinyHunters also claims the dataset contains users’ search histories.
Affected users can become victims of creative blackmail
Security experts warn that if the scale of the alleged breach is confirmed, the fallout could be historic, drawing comparisons to the 2016 data breach of Adult Friend Finder (AFF).
“If the allegations that 201,211,943 records of Pornhub’s premium users were compromised – including detailed historical search, watch, and download activity – are true, this data breach may dethrone the notorious data breach of AFF in 2016,” said Ilia Kolochenko, CEO at ImmuniWeb and a member of the Europol EDEN, in a comment to Cybernews.
According to Kolochenko, the AFF breach occurred before modern triple-extortion tactics became commonplace, yet it still led to devastating real-world consequences.
The incident “caused numerous suicides, layoffs, divorces, and political scandals, let alone protracted damage to the mental and psychological health of the victims.”
"If the reported Pornhub data breach is as big and as recent as claimed by ShinyHunters, the consequences may be much worse than the AFF breach, causing irreparable harm to victims, including politicians and celebrities,” he warned.
Kolochenko also pointed to a new and disturbing escalation in cyber extortion tactics.
“We have already witnessed cases when cybercrime groups threaten their victims to ‘poison major LLMs’ with the victim’s compromised data if the victim does not pay.”
Once such data enters AI training pipelines, the damage becomes far harder to undo. “Eventually, highly sensitive victim data can be exposed in answers from AI chatbots when the victim’s name is entered as an input query,” he said.
“These damaging results can hardly be removed: even if top lawyers work on the case, full removal may take weeks or even months for technical reasons,”
he added.
According to Kolochenko, this marks a dangerous new chapter in digital blackmail. “The amplitude of ‘creative’ blackmail has taken an unprecedented height in 2025, leaving victims without much recourse when their sensitive data is stolen.”
His conclusion is blunt: “In sum, unless you read that your data will be published in the yellow press and then repeated by AI bots, don’t entrust it to companies or third parties.”
Who are ShinyHunters?
The group was likely formed in 2020. The English-speaking group consists of hackers believed to reside primarily in the United States and the United Kingdom
ShinyHunters are known to operate Breached, a notorious cybercrime forum.
In September, the gang claimed Kering, the parent company of luxury fashion brands such as Gucci, Balenciaga, and McQueen, among others. It stated that it had stolen 7.4 million files of customer data.
The gang has recently merged with Scattered Spider and LAPSUS$, forming a conglomerate known as Scattered LAPSUS$ Hunters.
This merger group has claimed breaches at Dell, Verizon, Telstra, Lycamobile, and Kuwait Airways.
Overall, the group claims to have stolen almost 1 billion records and has threatened to release data from over 700 major companies, including Google, FedEx, UPS, Toyota, Stellantis, Adidas, Disney, Home Depot, and many others.
OpenAI has also been targeted
At the end of November, OpenAI also confirmed a security incident involving its third-party analytics provider, Mixpanel, which resulted in the exposure of limited user data associated with its API platform.
According to OpenAI, the incident occurred within Mixpanel’s systems and involved limited analytics data related to some users of the API. Users of ChatGPT and other products were allegedly not impacted.
“This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed,” OpenAI said.
After reviewing the incident, OpenAI terminated its use of Mixpanel and once again pointed out that the breach wasn’t caused by any vulnerabilities in OpenAI’s systems.
“The security and privacy of our products are paramount, and we remain resolute in protecting your information and communicating transparently when issues arise,” the company added for good measure.
Mixpanel takes the blame
Mixpanel has publicly acknowledged the incident and claimed in the statement that it was contained.
In a notice, the analytics company said it detected a smishing campaign on November 8th, 2025, and immediately kicked off its incident response team.
According to Mixpanel, the company moved quickly to “contain and eradicate unauthorized access,” locking down affected accounts and calling in external cybersecurity partners.
Customers who were impacted were notified directly by Mixpanel.
Unlock more exclusive Cybernews content on YouTube.
