The hacking group Scattered Lapsus$ Hunters, which includes members of a gang known as ShinyHunters, said it was trying to blackmail porn site Pornhub, after it allegedly stole personal information belonging to the site’s premium members.
Friday, Pornhub confirmed It was among several companies affected by a previous breach of widely used web and mobile analytics provider Mixpanel, which exposed unspecified “analytics events” for some Pornhub Premium users.
Monday, sleeping computer I mentioned See a sample of the stolen Pornhub data, which included personal information associated with Pornhub Premium members, including their registered email addresses and location; The type of activity, such as the videos and channels they watched, including the video name and web address; Keywords related to the video; The date and time the event was recorded.
Gene Taylor, CEO of Mixpanel, did not respond to TechCrunch’s request for comment. A Pornhub spokesperson, who did not provide his full name, did not answer questions sent by TechCrunch about the incident, referring us instead to the company’s published statement.
A spokesperson for the ShinyHunters gang told TechCrunch that the hackers have only sent an extortion email to Pornhub so far, and declined to say how many other companies were part of the Mixpanel incident.
Just before the Thanksgiving holiday in the United States, Mixpanel revealed the hack it discovered on November 8, which affected its corporate customers, without mentioning which ones or how they were affected. OpenAI It was later confirmed It was one of those affected customers, along with CoinTracker and SwissBorg.
According to Mixpanel’s website, the company has about 8,000 customers, and each customer likely has millions of users whose data was taken during the hack.
Contact us
Do you have more information about the Mixpanel hack? Like what companies are affected? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram and Keybase @lorenzofb, or email.
The type of data stolen will likely depend on how each customer configured their Mixpanel account to collect data.
Generally, businesses use Mixpanel to track what users do on their sites or apps, similar to an app developer or website owner monitoring a user to see what they click, view, or drag. Mixpanel can also log information about a user’s devices, such as screen size, whether it’s connected to a Wi-Fi or cellular network, and carrier name, among other data.
Scattered Lapsus$ Hunters is an alliance of primarily English-speaking hackers believed to be based in Western countries. Hackers have a long history of data breaches and are responsible for some of the largest breaches this year, including a data theft targeting Salesforce and Gainsight customers, which affected hundreds of companies.
Also on Friday, SoundCloud certain That about 20% of its users were affected by “unauthorized activity in the additional service’s dashboard,” likely a reference to Mixpanel. The audio streaming giant said the stolen data included email addresses and “information already visible on public profiles on SoundCloud.”
SoundCloud did not respond to TechCrunch’s request for comment.