Hacker group Scattered Lapsus$ Hunters, which includes members of a gang known as ShinyHunters, has said it is attempting to blackmail porn site Pornhub after it claims it has stolen personal information belonging to premium members of the site.
on Friday, Pornhub confirmed was among several companies affected by a previous breach at widely used web and mobile analytics provider Mixpanel, which exposed unspecified “analytics events” of some Pornhub Premium users.
On Monday, Bleeping Computer was mentioned viewing a sample of the stolen Pornhub data, which included personal information related to Pornhub Premium members, including their registered email addresses and location. type of activity, such as videos and channels watched, including the name and web address of the video. keywords associated with the video; and the date and time the event was recorded.
Mixpanel CEO Jen Taylor did not respond to TechCrunch’s request for comment. A representative for Pornhub, who did not give his full name, did not respond to questions sent by TechCrunch about the incident, referring us to the company’s published statement.
A spokesperson for the ShinyHunters gang told TechCrunch that the hackers have only sent an extortion email to Pornhub so far, and declined to say how many other companies were involved in the Mixpanel incident.
Just before the US Thanksgiving holiday, Mixpanel disclosed a breach it discovered on November 8 that affected its enterprise customers, without saying who or how they were affected. OpenAI later confirmed was one of those affected customers, along with CoinTracker and SwissBorg.
According to Mixpanel’s website, the company has about 8,000 customers, with each customer potentially having millions of users whose data was taken in the breach.
Contact us
Got more info on the Mixpanel hack? Like which companies were affected? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram and Keybase @lorenzofb or via email.
The type of data stolen likely depends on how each customer configured their Mixpanel account to collect data.
Generally, companies use Mixpanel to track what their users are doing on their website or apps, much like an app developer or website owner watching over a user’s shoulder to learn what they’re clicking, viewing, or scanning. Mixpanel may also record information about the user’s devices, such as screen size, whether they are on Wi-Fi or a cellular network, and the name of their carrier, among other data.
Scattered Lapsus$ Hunters is a coalition of mostly English-speaking hackers believed to be based in Western countries. Hackers have a long history of data breaches and are responsible for some of the biggest hacks this year, including data thefts targeting Salesforce and Gainsight customers that affected hundreds of companies.
Also on Friday, SoundCloud confirmed that about 20% of its users were affected by “unauthorized activity on a utility dashboard,” possibly referring to Mixpanel. The audio streaming giant said the stolen data included email addresses and “information already visible on public SoundCloud profiles.”
SoundCloud did not respond to TechCrunch’s request for comment.
