A cybercrime group has claimed responsibility for stealing sensitive user data linked to Pornhub and says it is now pressuring the adult entertainment platform for payment. The group, calling itself Scattered Lapsus$ Hunters, includes individuals associated with the well-known hacking collective ShinyHunters, which has been behind multiple large-scale breaches in recent years.
Pornhub confirmed that it was impacted by a security incident connected to Mixpanel, a popular analytics service used by thousands of companies to track user behavior on websites and mobile apps. According to Pornhub, the exposed information involved certain “analytics events” tied specifically to users with Premium subscriptions. The company stated that the issue originated from Mixpanel rather than Pornhub’s own systems.
Security researchers and journalists later reviewed a sample of the stolen data, which reportedly contained detailed records related to Premium members. This information allegedly included registered email addresses, approximate location data, viewing activity, specific video titles and URLs, search keywords, and timestamps showing when content was accessed. While no payment or identity documents were mentioned, the nature of the data raises serious privacy concerns given the platform involved.
Mixpanel disclosed earlier that it detected unauthorized access on November 8, shortly before the U.S. Thanksgiving holiday. At the time, the company acknowledged that corporate customers were affected but did not publicly name them. Since then, multiple organizations — including technology and financial platforms — have confirmed their involvement in the breach.
The extent of data exposure appears to vary depending on how individual companies configured Mixpanel’s tracking features. The service is designed to collect granular behavioral data, allowing businesses to monitor how users interact with digital products. This can include page views, clicks, app usage, device characteristics, network type, and other technical details.
Scattered Lapsus$ Hunters reportedly contacted Pornhub directly with an extortion demand. The group has not disclosed how many other companies may have received similar threats, despite Mixpanel’s customer base numbering in the thousands. Each affected customer could potentially represent millions of end users.
The hacking group is believed to be primarily English-speaking and based in Western countries. Over the past year, it has been linked to several major data thefts involving enterprise software providers, resulting in widespread downstream exposure across hundreds of businesses.
Separately, SoundCloud also confirmed that a portion of its user base — roughly one-fifth — was impacted by unauthorized access tied to a third-party service. The company stated that the compromised information included email addresses and data already visible on public user profiles.
As investigations continue, the incident highlights the growing risks associated with third-party analytics tools and the cascading impact a single breach can have across multiple platforms.
