Image Credits:Bryce Durbin / TechCrunch
The hacking group Scattered Lapsus$ Hunters, which includes members of a gang known as ShinyHunters, said it is attempting to extort porn site Pornhub, after claiming to have stolen personal information belonging to the website’s premium members.
On Friday, Pornhub confirmed it was among several companies affected by an earlier breach at the widely used web and mobile analytics provider Mixpanel, which exposed unspecified “analytics events” of some Pornhub Premium users.
On Monday, Bleeping Computer reported seeing a sample of the stolen Pornhub data, which included personal information associated with Pornhub Premium members, including their registered email addresses and location; activity type, such as which videos and channels they watched, including the video name and web address; keywords associated with the video; and the date and time that the event was recorded.
Mixpanel chief executive Jen Taylor did not respond to TechCrunch’s request for comment. A Pornhub spokesperson, who did not provide their full name, did not answer questions sent by TechCrunch about the incident, referring us instead to the company’s published statement.
A spokesperson for the ShinyHunters gang told TechCrunch that the hackers have sent an extortion email only to Pornhub so far, and declined to say how many other companies were part of the Mixpanel incident.
Right before the U.S. holiday of Thanksgiving, Mixpanel revealed a breach that it discovered on November 8, which affected its corporate customers, without saying which ones, nor how they were affected. OpenAI later confirmed it was one of those affected customers, as well as CoinTracker and SwissBorg.
According to Mixpanel’s website, the company has around 8,000 customers, with each customer having potentially millions of users whose data was taken in the breach.
The type of data stolen likely depends on how each customer configured their Mixpanel account to collect data.
Generally speaking, companies use Mixpanel to track what their users do on their site or apps, similar to an app developer or website owner watching over a user’s shoulder to learn what they click, view, or swipe. Mixpanel can also log information about the user’s devices, such as the size of the screen, whether they are on Wi-Fi or a cellular network, and the name of the carrier, among other data.
Scattered Lapsus$ Hunters is a coalition of primarily English-speaking hackers who are believed to be in Western countries. The hackers have a long history of data breaches and are responsible for some of the largest hacks this year, including data thefts targeting Salesforce and Gainsight customers, which affected hundreds of companies.
Also on Friday, SoundCloud confirmed that about 20% of its users were affected by “unauthorized activity in an ancillary service dashboard,” likely referring to Mixpanel. The audio streaming giant said the stolen data includes email addresses and “information already visible on public SoundCloud profiles.”
SoundCloud did not respond to TechCrunch’s request for comment.
Article Link
Archive
