FRESH

Hacker News

Home

Pornhub extorted after hackers steal Premium member activity data

156 points by coloneltcb

by alsetmusic

5 subcomments

I feel extremely fortunate that I am unashamed of my sexuality, sex drive, or sexual interests. While I'd prefer that my porn history remain private, if anyone ever tried to shame me for it, I'd have no problem telling them I own my human desires.
Now, if I was a repressed person living in an area where that threatened my safety, I'd be terrified. It's a privilege that I don't have to worry about it, and that's the real problem when we get past the technical reasons why this shouldn't have happened.

by neilv

6 subcomments

I wonder what will be the watershed lawsuit event that makes tech companies consider capturing and holding PII to be liabilities.

by beAbU

0 subcomment

Don't send PII to mixpanel, kids! It's not a CRM and should not be treated as such. Why people do this is beyond me.

by jfindper

7 subcomments

>ShinyHunters
I had an inkling! They've been on a roll this past year or so.
>This data includes a PornHub Premium member's email address, activity type, location, video URL, video name, keywords associated with the video, and the time the event occurred.
Well, that's pretty fucking wild! Email address & time and location sent to a 3rd party, nice! Absolutely no reason for that, of course. Especially considering these are paying customers!
I guess somewhat notably is Mixpanel denying that it's coming from their November breach. They have less incentive to lie in this case, given that they've already admitted to being breached, and (presumably) their systems & logs have been gone over with a fine-toothed comb to identify all affected parties:
>"The data was last accessed by a legitimate employee account at Pornhub’s parent company in 2023. If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel."

by rjdj377dhabsn

4 subcomments

Why are so many people paying for premium or even making an account at all?
The amount and variety of free porn is already enormous.

by cmiles8

0 subcomment

More Mixpanel shenanigans.

by rkagerer

0 subcomment

Forget the breach, what are they doing allowing a third party like Mixpanel access to such sensitive data in the first place?
I always teach companies to treat user information as somewhat toxic (i.e. a liability). Search and view history... it doesn't get much more personal than this.

by nullorempty

0 subcomment

1. take emails from other breaches 2. make files similar in structure to the ones leaked with junk links 3. flood internet with this junk data 4. problem solved

by dyl000

1 subcomments

if you have an account on a porn site you were a lost cause anyways.

by aussieguy1234

2 subcomments

Anyone who used their personal or work email to sign up to a site like pornhub should expect that email to be made public one day along with any other data they have on the site, including watch history.
In the case of personal emails, that same email can usually be used to look up the victim on social media (Facebook is an example) to reveal their identity, if, like most people, they used the same email on that social media site.
As most on HN will be aware, data breaches like this are extremely common. Its not a matter of if, its a matter of when. NSFW sites in particular are more juicy targets and often have bad security.

by NetOpWibby

0 subcomment

My 2021 watch history? Oh no!

by temptemptemp111

0 subcomment

[dead]

by dihsgitt

1 subcomments

[flagged]

by hereme888

1 subcomments

"I know what you did last summer"

by nusl

1 subcomments

Misleading title; a supplier of theirs was compromised.