Hackers Claim Pornhub Premium Data Breach, Demand Bitcoin Ransom

The hacking group ShinyHunters announced on Tuesday that it has stolen data belonging to premium customers of Pornhub and is threatening to publish it unless a ransom is paid.

Reuters, which first reported the claim, said the hackers provided a sample of the data that the news agency was able to partially authenticate. At least three former Pornhub customers—two in Canada and one in the United States—confirmed the information was genuine, though several years old. They spoke anonymously due to the sensitivity of the matter.

ShinyHunters told Reuters in an online chat: “We’re demanding a ransom payment in Bitcoin to prevent the publication of [Pornhub] data and delete the data.”

Pornhub and its parent company, Ottawa-based Ethical Capital Partners, did not respond to requests for comment. The breach was first flagged by cybersecurity news site Bleeping Computer.

Pornhub, which reports more than 100 million daily visits and 36 billion visits annually, is one of the world’s most visited adult content platforms. ShinyHunters claimed to have data from 14 users of Pornhub’s premium service, which offers high-definition videos, ad-free viewing, and virtual reality features.

Reuters matched details of six individuals in the hackers’ sample to records from previous breaches preserved by dark web intelligence firm District 4 Labs. Three of those affected confirmed they had subscribed to Pornhub Premium in the past.

The method of the breach remains unclear. ShinyHunters declined to explain how the data was obtained.

Pornhub, in a December 12 statement, acknowledged a recent cybersecurity incident involving its third-party analytics provider Mixpanel. The company said the incident affected a “limited set of analytics events for some users” and occurred within Mixpanel’s systems.

Mixpanel, which disclosed its own security incident on November 27, denied any link to the Pornhub breach. In a statement to Reuters, the company said: “We can find no indication that this data was stolen from our November 2025 security incident or otherwise.” It added that Pornhub’s data was last accessed legitimately by a parent company employee in 2023.

ShinyHunters, however, insisted the stolen data was connected to Mixpanel’s incident. Mixpanel rejected the claim, saying it had conducted a thorough investigation with external cybersecurity experts and notified all affected clients. “We are confident Pornhub was not among those clients and that this data is unrelated to the November incident,” a spokesperson said.

ShinyHunters is a well-known hacking group linked to a series of high-profile breaches and extortion attempts in recent months, including attacks on Salesforce and luxury retailers in the U.K.

Source: Reuters