The hacking group ShinyHunters announced on Tuesday that it has obtained data belonging to premium users of Pornhub, the popular adult content website, and is threatening to make the information public.
ShinyHunters said it had intercepted data linked to customers of Pornhub Premium, the platform’s paid subscription service, and warned that the data would be released unless a ransom was paid.
Although Reuters was unable to independently verify the scale, scope or specific details of the breach, the hackers provided a sample of the data, which the news agency was able to partially authenticate.
At least three former Pornhub customers, two men in Canada and one in the United States, confirmed to Reuters that the data attributed to them was genuine, though several years old. They spoke on condition of anonymity due to the sensitive nature of the matter.
“We demand a Bitcoin ransom to prevent the publication of [Pornhub’s] data and to have it deleted,” ShinyHunters told Reuters via an online chat.
Pornhub and its corporate owner, Ottawa-based Ethical Capital Partners, did not respond to requests for comment. The breach was first reported by cybersecurity news site Bleeping Computer.
Pornhub claims to attract more than 100 million visits per day and around 36 billion visits annually, making it one of the world’s most widely used adult content platforms, primarily offering video content, much of it free of charge.
ShinyHunters shared data from what they said were 14 users of Pornhub Premium, a service that offers high-definition videos, ad-free viewing and virtual reality features.
Reuters was able to match the details of six individuals from the ShinyHunters dataset with information previously leaked online in earlier breaches and retained by dark web intelligence firm District 4 Labs. Three of the affected individuals confirmed to Reuters that they had previously subscribed to Pornhub Premium.
Reuters could not immediately determine how ShinyHunters obtained the data. The group said it would not disclose details about the breach.
In a statement issued on 12 December, Pornhub disclosed a recent cybersecurity incident which it said involved a third-party analytics provider, Mixpanel, and affected an unspecified number of Pornhub Premium users. According to the statement, the incident occurred within Mixpanel’s environment and involved a “limited set of analytics events for certain users”.
Mixpanel, which provides clients with detailed insights into user data and activity, disclosed its own cybersecurity incident on 27 November. In a statement provided to Reuters on Tuesday, the company said it was aware of Pornhub’s announcement but “cannot find any indication that the data in question was stolen from the November 2025 security incident or otherwise”.
According to Mixpanel, Pornhub-related data on its platform was last accessed by a “legitimate employee account at Pornhub’s parent company in 2023”. “If this data is in the hands of an unauthorised third party, we do not believe it is the result of a security incident at Mixpanel,” the statement said.
ShinyHunters told Reuters that the data was linked to the recent Mixpanel incident. Mixpanel denied the claim, stating that it had conducted a thorough investigation with external cybersecurity experts and notified all affected clients.