A hacking collective known as Scattered Lapsus$ Hunters, which includes members of the notorious ShinyHunters gang, says it is attempting to extort Pornhub after allegedly stealing personal information belonging to the site’s premium users.
Pornhub confirmed on Friday that it was among several companies affected by a previously disclosed breach at Mixpanel, a widely used web and mobile analytics provider. The breach exposed unspecified “analytics events” linked to some Pornhub Premium users.
According to a report by Bleeping Computer on Monday, a sample of the stolen data includes registered email addresses, location data, viewing activity, video names and URLs, associated keywords, and timestamps showing when users watched specific content.
Pornhub declined to answer detailed questions about the incident, referring inquiries to its public statement. Mixpanel CEO Jen Taylor also did not respond to requests for comment.
A ShinyHunters spokesperson told TechCrunch that an extortion email has so far been sent only to Pornhub, and declined to reveal how many other companies may have been impacted by the Mixpanel breach.
Mixpanel disclosed the breach shortly before the U.S. Thanksgiving holiday, saying it discovered unauthorized access on November 8. The company did not initially name affected customers. Since then, OpenAI, CoinTracker, and SwissBorg have confirmed they were impacted.
Mixpanel reportedly has around 8,000 customers, each potentially representing millions of end users, depending on how data collection was configured. The company is commonly used to track user behavior on apps and websites, including clicks, views, device information, and network details.
Scattered Lapsus$ Hunters is believed to be a coalition of mostly English-speaking hackers based in Western countries. The group has been linked to some of the largest data breaches of the year, including attacks affecting Salesforce and Gainsight customers.
Related: The Global Battle Over Age Verification Laws and Online Privacy
Separately, SoundCloud confirmed on Friday that about 20% of its users were affected by unauthorized activity involving an ancillary service dashboard, likely Mixpanel. The exposed data reportedly includes email addresses and information already visible on public profiles. SoundCloud has not commented further.
The incident highlights growing concerns over third-party analytics services and the sensitive user data they can expose when breached.
