A prominent hacking collective, Scattered Lapsus$ Hunters, which includes members of the notorious ShinyHunters gang, claims to be extorting adult entertainment giant Pornhub. The group asserts it has stolen sensitive personal information belonging to the platform's premium members, data reportedly acquired through a wider breach at web and mobile analytics provider Mixpanel. This incident underscores the significant risks associated with third-party data services and the potential for widespread user data theft.
Pornhub Confirms Mixpanel Link
Pornhub recently confirmed it was among several companies impacted by an earlier data breach at Mixpanel, a widely used analytics provider. While Mixpanel initially disclosed that the breach exposed unspecified "analytics events" of some users, the full extent of the compromise has become clearer.
Details of Stolen Data
Reports from Bleeping Computer indicate that a sample of the stolen Pornhub data includes highly personal information. This encompasses registered email addresses, user locations, and detailed activity types. Specifically, the data reveals which videos and channels premium members watched, including video names and web addresses, associated keywords, and the exact date and time of these viewing events. Such comprehensive data could pose significant privacy risks to affected individuals.
The Hacking Collective
Scattered Lapsus$ Hunters is described as a coalition of primarily English-speaking hackers believed to operate from Western countries. The group has a documented history of major data breaches, including high-profile incidents this year targeting customers of Salesforce and Gainsight, which collectively impacted hundreds of companies. Their involvement with the ShinyHunters gang further solidifies their reputation for sophisticated cyberattacks.
Wider Impact of the Mixpanel Breach
The Mixpanel breach, discovered on November 8 and revealed just before Thanksgiving, affected numerous corporate customers. While Mixpanel initially withheld specific names, companies like OpenAI, CoinTracker, and SwissBorg later confirmed their exposure. Mixpanel's website indicates it serves approximately 8,000 customers, each potentially having millions of users whose data could have been compromised.
SoundCloud also confirmed that about 20% of its users were affected by "unauthorized activity in an ancillary service dashboard," likely referring to the Mixpanel incident. The audio streaming platform stated that stolen data included email addresses and information already publicly visible on SoundCloud profiles.
Company Responses and Lack Thereof
Neither Mixpanel CEO Jen Taylor nor a Pornhub spokesperson provided detailed comments to TechCrunch regarding the incident, with Pornhub referring inquiries to its published statement. Similarly, SoundCloud did not respond to requests for comment. A spokesperson for the ShinyHunters gang confirmed that an extortion email had been sent only to Pornhub so far, declining to specify other companies involved in the Mixpanel incident.
How Mixpanel Collects Data
The specific type of data stolen likely varies depending on how each customer configured their Mixpanel account. Generally, companies utilize Mixpanel to track user behavior on their websites or applications – observing clicks, views, and swipes. Mixpanel can also log device-specific information, such as screen size, network type (Wi-Fi or cellular), and carrier name, among other data points. This extensive data collection capability makes breaches at such providers particularly impactful.
