Pornhub users' viewing history has been hacked – here's what to do next

Yahoo News UKYahoo News UK

Pornhub users' viewing history has been hacked – here's what to do next

A notorious cybercriminal gang has gained access to the names, location and viewing habits of Pornhub customers.

Rob Waugh

,

Contributor

Wed, December 17, 2025 at 3:07 PM UTC

5 min read

Verify your age screen on the Pornhub website on a mobile phone, UK. Concept: adult website, online safety act, harmful content, online safety law
Data from Pornhub users has leaked online. (Alamy)

A notorious cybercriminal gang says it has gained access to the names, location and viewing habits of Pornhub customers.

Criminals from the ShinyHunters group claim to have stolen 200 million pieces of personal information, including email addresses, location and the titles and links of videos that users have viewed.

At least three former Pornhub customers – two men in Canada and a man in the US – have confirmed, speaking to the Reuters news agency, that the data pertaining to them was authentic, albeit several years old. They spoke on condition of anonymity.

Advertisement

Advertisement

Advertisement

Advertisement

Pornhub claims to have more than 100 million daily visits and 36 billion visits per year. It one of the web’s most popular purveyors of sexual content, particularly videos, many of which are free to view.

Pornhub said in a statement: "A recent cybersecurity incident involving Mixpanel, a third-party data analytics provider, has impacted some Pornhub Premium users.

"Specifically, this situation affects only select Premium users. It is important to note this was not a breach of Pornhub Premium’s systems. Passwords, payment details, and financial information remain secure and were not exposed."

ShinyHunters said in an online chat with Reuters: “We’re demanding a ransom payment in bitcoin to prevent the publication of data and delete the data.”

What data has been stolen?

Canada-based Pornhub has insisted that no passwords, payment details or financial information have been stolen in the attack.

Advertisement

Advertisement

Advertisement

Advertisement

Pornhub claims that the data was stolen via a data analytics provider Mixpanel, and says it stopped working with the company in 2021.

Mixpanel, which offers its clients detailed visibility into user data and activities, disclosed a cybersecurity incident on 27 November. It has pushed back against the statement, claiming there is no evidence it is behind the leak.

Pornhub has said that the leaked data only affects Premium users, and that it is working to establish the scope of the breach.

“The unauthorised party was able to use this unauthorised access to extract a limited set of analytics events for some users," Pornhub said in a statement.

Advertisement

Advertisement

Advertisement

Advertisement

The ‘analytics events’ are understood to include video viewing history, including titles and links - including when videos were viewed or downloaded.

Graeme Stewart, head of public sector at cybersecurity company Check Point Software, told Yahoo News: "What the Pornhub breach appears to expose is not passwords or payment details, but behaviour. Search history, viewing patterns, timestamps. The kind of data people assume disappears but often sits quietly in analytics systems for years."

How to check if you have been hacked?

At present, there is no sign that the data has been leaked online, according to cybersecurity firm Sophos.

ShinyHunters has shown off details of what it claims are users of Pornhub’s premium service, which offers ad-free viewing and high-definition videos.

Advertisement

Advertisement

Advertisement

Advertisement

The group claims to have 94GB of data, suggesting that the leak may be substantial.

What should you do if you have been hacked?

There have been high-profile leaks of data from adult sites before, including from infidelity website Ashley Madison in 2015.

Privacy advocates have previously warned that the Online Safety Act, which compels UK users of adult sites to use age-verification systems, could lead to private data leaking online.

Pornhub has said, “While our investigation is ongoing, we encourage all users to remain vigilant by monitoring their accounts for any suspicious emails or unusual activity.”

Stewart, head of public sector at Check Point Software, says the sensitive nature of the data is what makes it so valuable.

Advertisement

Advertisement

Advertisement

Advertisement

“This is highly emotive content because people reasonably expect their use of adult sites to remain private," he explained to Yahoo News. "Many will not want partners, employers or families knowing they have ever been there.

The Pornhub logo appears on a smartphone screen and as the background on a laptop screen in this photo illustration in Athens, Greece, on July 26, 2025. Around 6,000 sites allowing porn in the United Kingdom (UK) start checking if users are over 18 on Friday, according to the media regulator Ofcom. Dame Melanie Dawes, its chief executive, tells the BBC 'we are starting to see not just words but action from the technology industry' to improve child safety online. (Photo by Nikolas Kokovlis/NurPhoto via Getty Images)
The UK introduced age verification for websites with pornographic material in July. (Getty)

“That sensitivity is exactly what makes this kind of data so valuable to bad actors. If this follows established patterns, the next step is attempted extortion of Pornhub and any third-party providers involved. After that, individuals themselves become the target. In many ways, it is surprising this has not already happened. The parallels with the Ashley Madison hack are clear.

“This is the risk some of us warned about when age assurance was written into the Online Safety Act. Once identity and behaviour are linked, even indirectly, you are no longer just checking age. You are building a file. And files attract attention.”

Users should also be aware that if they receive an email from hackers claiming to have your information as it may not be genuine, warns Brian Higgins, security specialist at Comparitech.

Advertisement

Advertisement

Advertisement

Advertisement

"The huge numbers quoted in data breaches these days only help to fuel the fear, uncertainty and doubt that criminal organisations rely on to mount successful post-breach extortion campaigns," he said.

"It’s worth remembering that, although many millions of files are quoted as compromised, it’s only pre-2023 PornHub Premium customers who need to be on their guard in this instance and most people are grown-up enough to understand that viewing adult content is a fairly ubiquitous activity these days.

"It’s up to the individual how they choose to deal with such attacks but, given the scale of the breach, there’s every chance initial contact could be speculative. In any event whether you choose to delete and report or pay and pray, there's no guarantee you will ever secure your leaked information again."

Who are ShinyHunters?

ShinyHunters is a notorious criminal hacker group which specialises in extortion, hacking into data and threatening to leak it online.

Advertisement

Advertisement

Advertisement

Advertisement

The group has hacked targets including Mashable, LVMH, Google, AT&T Wireless, Santander, Marriott, Cisco, Toyota, Gap, Ticketmaster and the Ministry of Justice's Legal Aid Agency.

The group often pretends to be IT support staff, gaining a toehold in systems before stealing data from the target’s Salesforce software, which handles business tasks such as sales and IT.

The group is thought to overlap with a network of hackers known as ‘The Com’ or ‘The Community’ which includes the Scattered Spider group, behind this year’s Marks & Spencer hack, which knocked out the company’s online ordering system.

Both groups are believed to be composed of hackers from the UK and the US, and to use social engineering tactics to break into company systems.

Source