Pornhub Data Breach

Companies Affected: MindGeek and its subsidiary companies, including Pornhub

Total Customers Affected: An estimated 100 million Pornhub Premium subscribers

Date Reported: December 12, 2025

Information Impacted: Pornhub activity history, including searches, keywords, viewing history, and downloads, and email addresses.

Pornhub recently announced that the sensitive information of its paid subscribers was breached due to a cyber attack. The compromised information includes email addresses, activity type, location, video URL, video name, keywords associated with the video and the time the event occurred, whether the subscriber watched or downloaded a video or viewed a channel and search histories. Pornhub reported that the individuals responsible for the breach have threatened to contact Pornhub Premium subscribers directly, possibly to solicit additional information or threaten to publicly release the private information.

For more information on the incident, read here:

• 200 million records exposed in massive Pornhub data breach — here’s what we know so far | Toms Guide (12.17.25)
• PornHub extorted after hackers steal Premium member activity data | Bleeping Computer (12.15.25)

According to reports, breached data may have included email addresses, activity type, location, video URL, video name, keywords associated with the video and the time the event occurred, whether the subscriber watched or downloaded a video or viewed a channel and search histories. The company has not yet disclosed the total number of customers who were affected.

Data breaches occur when a malicious third party, such as a computer hacker, gains access to sensitive consumer and other data held by a business who was entrusted to protect it. Frequently, data breaches are the result of insufficient data security, allowing hackers to illegally gain access to the data and either misuse it themselves (e.g., for identity theft or fraud) or sell or trade that data with others, often on the “dark web”.

Unfortunately, in the modern age, data breaches have become a fact of life. Where data breaches are the result of insufficient protections put in place by the breached business, however, the business may be required to compensate the victims whose personal data was improperly accessed.

Being the victim of a data breach in which criminal actors may have access to personal information can be a stressful and frightening experience. Data breaches can place the victims at an increased risk of fraud or identity theft, as their stolen data can be misused by criminal actors, often long after the breach itself. For example, where a username and password are disclosed as part of a data breach, bad actors might make use of that information to illegally access accounts.

In some cases, the information disclosed through a data breach can be profitable to criminals immediately, who may use stolen login information to commit fraud and identity theft. In other cases, the personal information disclosed is bought and sold online where it can be combined with data from other sources (including other data breaches.) In other words, it is often impossible to know the true risks and effects of a data breach until long after the breach has occurred, as criminals may be analyzing and aggregating the stolen data into comprehensive identity theft packages. This is why holding businesses accountable is important.