Millions impacted by PornHub, SoundCloud data breaches

Music sharing platform SoundCloud and pornography giant PornHub both warned customers this week of recent cybersecurity intrusions that gave hackers access to internal data.

PornHub, which is owned by Canada-based Ethical Capital Partners, sent emails out to many users and published a statement warning that it was affected by a recent breach of data analytics service provider Mixpanel. 

The hackers used their access through Mixpanel to “extract a limited set of analytics events for some users,” PornHub said in a statement. The company said its Pornhub Premium systems were not breached and no payment details or financial information was exposed. 

When reached for comment, PornHub declined to say how many users were affected and what information was stolen. Several news outlets reported on a prominent group of hackers allegedly extorting PornHub with threats of leaking stolen data, but their claims could not be verified.

The company said it is working with law enforcement and Mixpanel to investigate the issue. In comments to Reuters, Mixpanel denied that it was at fault for the data that was allegedly stolen from PornHub. 

Mixpanel itself reported a security incident on November 27, with CEO Jen Taylor writing that the cyberattack was first discovered on November 8. The company shared few details about the breach, only writing that it was the victim of a “smishing” campaign and has contacted all of the customers affected by the attacks. 

OpenAI came forward one day earlier as one of the Mixpanel customers impacted by the breach. OpenAI uses Mixpanel for web analytics and said some of its API users had data stolen as part of the incident. 

“On November 9, 2025, Mixpanel became aware of an attacker that gained unauthorized access to part of their systems and exported a dataset containing limited customer identifiable information and analytics information,” OpenAI said in a statement on November 26. “Mixpanel notified OpenAI that they were investigating, and on November 25, 2025, they shared the affected dataset with us.”

The information stolen from OpenAI included names, email addresses, location, operating system and other technical information on API users. OpenAI says it removed Mixpanel from its production services and is in the process of notifying impacted organizations. 

On Monday, music sharing platform SoundCloud also came forward to warn customers about a similar data breach.

While SoundCloud did not name Mixpanel, the company said it “recently detected unauthorized activity in an ancillary service dashboard.”

SoundCloud’s IT team attempted to contain the activity and hired cybersecurity experts to handle the response. But when they tried to limit the hackers’ access, the site “experienced denial of service attacks, two of which were able to temporarily disable our platform’s availability on the web only.”

“We understand that a purported threat actor group accessed certain limited data that we hold. We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed,” the company said. 

“The data involved consisted only of email addresses and information already visible on public SoundCloud profiles and affected approximately 20% of SoundCloud users. We are confident that any access to SoundCloud data has been curtailed.”

SoundCloud has about 200 million users, meaning the incident likely impacted about 40 million customers. 

The company noted that some of the security changes made over the last week have caused users with VPNs to experience connectivity issues. 

BleepingComputer spoke with members of a prominent cybercriminal group called ShinyHunters that allegedly took credit for the Mixpanel attacks. If accurate, the claims would represent yet another high-profile hacking campaign launched by members of the group this year. 

Members of the group previously breached customers of Salesforce and exploited loopholes in a related platform that allowed them to harass and extort companies in aviation, insurance and retail throughout the summer.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
