Are you a Pornhub Premium member? You may want to pay closer attention to the data breach notification, which is described as a “limited set of analytics events.” The real story behind these words is that your browsing and search history may now be in the hands of hackers, and whether it becomes public depends on whether Pornhub pays the required ransom.
According to PipComputerPornhub claims that the hack was the result of a smishing attack (SMS phishing) on ​​third-party analytics partner Mixpanel. The hack occurred on November 8th and was initially linked to data leaks at OpenAi and CoinTracker. Only some users were affected and no passwords, payment details, financial information or government IDs were stolen. The company also says its partnership with Mixpanel will end in 2021.
For its part, Mixpanel subsequently told BleepingComputer that “[t]The last time the data was accessed was by a legitimate employee account at Pornhub's parent company in 2023. If this data is in the hands of an unauthorized party, we do not believe this is the result of a security breach in Mixpanel.”
Since Pornhub initial noticeRansomware group ShinyHunters has since publicly claimed responsibility for the hack, sending emails to the affected companies demanding a ransom to prevent the data from being released. Pornhub is one of the most potentially dangerous for users if it were to spread, with a 94GB dataset containing search, viewing and download histories for more than 200 million Pornhub Premium subscribers.
In its report, BleepingComputer says it saw sample data that included the participant's email address, activity type, location, links to videos, video titles, keywords associated with the videos, and the time the user's activity occurred. In terms of activity types, BleepingComputer only checked whether a subscriber was watching, downloading a video, or viewing a channel. The search history remains unverified as part of the dataset.
Jared Newman / Foundry
So what does this mean for you if you're a current or former Pornhub Premium subscriber? First of all, don't panic. Yes, this could be a serious violation of your privacy. But there is no need for any extreme actions on your part. Instead, consider preparing yourself in the following areas:
Extortion: You may be at risk of subsequent extortion attempts if Pornhub and ShinyHunters do not reach an agreement to pay the ransom and the information is not leaked to the wider dark web. I would caution against making a one-time payment as this may lead to further demands for additional or larger amounts of cash. Instead, plan now how you will break the news (if it is even warranted) to family, employer, etc. Or how to protect yourself from negative reactions if this is not possible.
Fraud: Fraudsters have become more sophisticated in their approaches to victims, with artificial intelligence tools doing most of the work to create tailored campaigns. If Pornhub is leaked, be wary of messages or invitations that match your tastes. For example, you may fall for a love scam.
Hide your email address: Consider switching to masked email addresses for your accounts. These aliases hide your real email address, but redirect messages back to your main inbox, preventing attackers (and onlookers) from immediately identifying you or creating your profile for more effective scams or extortion. You can try them for freeeven!
Unfortunately, data breaches will continue in the future. For most people who may be embarrassed by others knowing what they are buying, viewing, or otherwise patronizing, it is best not to trust companies to keep your information secure. I now assume that any details I provide to the website may become public through no fault of my own, and plan accordingly.
