ShinyHunters Hacked Pornhub: Privacy Risks and a Lesson for Ukrainians
Reuters reports on Bitcoin extortion following a leak of paid users' data. We explain why this matters now and what simple steps can protect your privacy.
By Oleg Bazylewicz
December 17, 2025 · 2 min read
Why this is worth reading
The hacker group ShinyHunters reported breaching the paid portion of the Pornhub site and is demanding a ransom in Bitcoin. Even if some of the data are several years old, the issue is important: it demonstrates how intrusions into others' databases can become a tool for blackmail and reputational damage for anyone — including Ukrainians, who due to the war are particularly vulnerable to personal data leaks.
What is known — the facts
According to Reuters, the hackers provided journalists with a sample of the stolen data that included records for at least 14 users of the paid version. Reuters contacted several people on the list — three confirmed the data were theirs, although they could be outdated.
"The hackers provided journalists at Reuters with a sample of the stolen data."
— Reuters
ShinyHunters is known for previous attacks on services such as Salesforce and other companies. The hackers claim the theft is related to an incident on the Mixpanel platform. Mixpanel denies this and refers to an internal investigation.
"The data were last viewed in 2023 from a legitimate account of an employee of the parent company, and there are no signs of a leak on our side."
— a Mixpanel representative (quote via Reuters)
Consequences for users and for Ukraine
Even small samples of data can be the starting point for social engineering, phishing, or targeted blackmail. For Ukrainians this means increased risk, given the combination of a large number of internally displaced people, individuals vulnerable to reputational attacks, and those working in government or security sectors.
What to do right now
- Update passwords on key services; avoid reusing passwords. - Enable two-factor authentication where possible. - Be vigilant with emails and messages asking you to "confirm your account" — this may be phishing. - Check financial transactions and report suspicious activity to your bank. - If necessary, use credit monitoring services or freeze your credit.
Conclusion
This story is a reminder of two things: first, even large platforms are not immune to incidents; second, responsibility for security rests with both companies and users. While we await official explanations from Pornhub and its owners, it is important to act practically: protect your accounts and watch for messages from verified sources.
