Hackers Threaten to Expose Pornhub Users Unless Bitcoin Ransom Is Paid

The notorious hacking group “ShinyHunters” claims to have stolen private user data from web porn giant Pornhub and is demanding a ransom payment in Bitcoin to prevent the publication of the potentially embarrassing data.

Reuters reports that in an alarming development for users of the leading adult entertainment site Pornhub, the notorious hacking group known as “ShinyHunters” has announced that it has obtained sensitive data pertaining to premium subscribers of the platform. The hackers are now threatening to release this potentially compromising information unless their demands for a ransom payment in Bitcoin are met.

While the full scope and scale of the alleged data breach remains unclear at this time, Reuters was able to partially authenticate a sample of the stolen data provided by the hackers. At least three former Pornhub premium customers, two based in Canada and one in the United States, confirmed that the leaked information was genuine, though several years old. The affected individuals spoke to Reuters on condition of anonymity given the highly sensitive nature of the matter.

In an online chat, ShinyHunters told Reuters, “We’re demanding a ransom payment in Bitcoin to prevent the publication of [Pornhub] data and delete the data.” However, the hacking group did not provide further details about how they acquired the user information.

Pornhub, which boasts over 100 million daily visits and 36 billion annual visits, is one of the most popular destinations for pornography on the internet. The site’s premium service offers users access to high-definition videos, ad-free viewing, and virtual reality experiences.

On December 12, Pornhub issued a statement disclosing a recent cybersecurity incident involving third-party data analytics provider Mixpanel. The incident, which occurred within Mixpanel’s environment, reportedly affected a limited set of analytics events for an undisclosed number of Pornhub Premium users. Mixpanel had previously disclosed its own cybersecurity incident on November 27.

In a statement to Reuters, Mixpanel maintained that it found no indication that the data claimed by ShinyHunters was stolen from its November 2025 security incident. The company stated that Pornhub’s data was last accessed by a legitimate employee account at Pornhub’s parent company in 2023, and if the data is now in unauthorized hands, Mixpanel does not believe it is a result of a security breach on their end.

Breitbart News previously reported that ShinyHunters has successfully hacked many prominent companies, including Google:

Bleeping Computer reports that in a recent update to an article warning about ongoing Salesforce data theft attacks, Google revealed that it too fell victim to a breach in June. The tech giant’s disclosure comes amidst a wave of similar incidents targeting various companies, all orchestrated by the ShinyHunters threat actor group. According to Google, one of its corporate Salesforce instances was compromised in June, allowing the attackers to exfiltrate customer data during a brief window before access was cut off. The stolen data was reportedly limited to basic and largely public business information, such as company names and contact details. Google has classified the threat actors behind these attacks as ‘UNC6040’ or ‘UNC6240.’ However, BleepingComputer, which has been closely monitoring the situation, has confirmed that ShinyHunters is responsible for the breaches. The notorious group has a long history of high-profile attacks, including those targeting PowerSchool, Oracle Cloud, Snowflake, AT&T, NitroPDF, Wattpad, MathWay, and many others.

Read more at Reuters here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.