Global cybersecurity concerns intensified this week as popular platforms PornHub and SoundCloud confirmed that millions of users were affected by recent data breaches, raising serious questions about data protection and third-party service security.
PornHub Data Breach via Mixpanel
PornHub, owned by Canada-based Ethical Capital Partners, alerted users through emails and a public statement that it had been impacted by a cybersecurity breach involving analytics service provider Mixpanel.
According to PornHub, hackers exploited their access to Mixpanel to extract a limited set of user analytics data. The company emphasized that PornHub Premium systems were not compromised, and no payment details or financial information were exposed.
PornHub declined to reveal how many users were affected or the exact nature of the stolen data. Several media reports claimed that a hacker group attempted to extort PornHub by threatening to leak stolen data, though these claims remain unverified.
The company stated it is working closely with law enforcement and Mixpanel to investigate the incident. Mixpanel, however, denied responsibility for the data allegedly stolen from PornHub.
Mixpanel Confirms Security Incident
Mixpanel disclosed that it detected a security incident on November 8, later confirmed publicly on November 27. CEO Jen Taylor stated that the breach resulted from a “smishing” (SMS phishing) attack, but provided limited technical details.
Mixpanel confirmed it had notified all affected customers.
OpenAI Also Affected
One day before Mixpanel’s disclosure, OpenAI confirmed it was among the affected customers. OpenAI uses Mixpanel for web analytics and reported that some API users’ data was stolen.
The stolen information included names, email addresses, location data, operating systems, and technical details. OpenAI has since removed Mixpanel from its production systems and is in the process of notifying impacted organizations.
SoundCloud Data Breach Impacts 40 Million Users
On Monday, music-sharing platform SoundCloud also warned users of a data breach involving unauthorized access to an ancillary service dashboard.
Although SoundCloud did not directly name Mixpanel, it confirmed that hackers accessed limited user data. The company said no sensitive information such as passwords or financial data was compromised.
The exposed data included email addresses and publicly visible profile information, impacting approximately 20% of SoundCloud’s user base. With around 200 million users, the breach likely affected nearly 40 million people.
During the response, SoundCloud experienced denial-of-service (DoS) attacks, temporarily disrupting web access. The company also noted that recent security upgrades may cause connectivity issues for users using VPNs.
ShinyHunters Hacker Group Linked
Cybersecurity outlet BleepingComputer reported that members of the ShinyHunters cybercriminal group allegedly claimed responsibility for the Mixpanel-related attacks. If confirmed, this would mark another major hacking campaign linked to the group in 2025.
Growing Cybersecurity Concerns
These incidents highlight the growing risks of third-party service dependencies and underline the importance of stronger cybersecurity measures to protect user data in an increasingly digital world.