Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
An infamous hacking group is extorting customers of analytics firm Mixpanel following a November cyber attack – but what can we learn from this?
Supply chain attacks can make for some strange bedfellows when it comes to the scope of the victims affected, and a recent breach disclosed by data analytics company Mixpanel may take the cake.
On 27 November, the company disclosed a cyber incident following a November smishing attack.
“On November 8th, 2025, Mixpanel detected a smishing campaign and promptly executed our incident response processes,” Mixpanel’s CEO, Jen Taylor, said.
“We took comprehensive steps to contain and eradicate unauthorised access and secure impacted user accounts. We engaged external cyber security partners to remediate and respond to the incident.”
The company said it had already “proactively” been in touch with impacted customers and that it was continuing to “prioritise security as a core tenet of our company, products and services”.
One of those impacted customers was artificial intelligence giant OpenAI, which jumped the gun on Mixpanel’s disclosure with its own 26 November advisory.
“The incident occurred within Mixpanel’s systems and involved limited analytics data related to some users of the API. Users of ChatGPT and other products were not impacted,” OpenAI said.
“This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.”
OpenAI said it uses Mixpanel’s services to manage web analytics on its API front end.
Enter, pornography
Another customer – or, at least, ex-customer – of the company, it turns out, is Pornhub, which disclosed that data relating to “some” of its Pornhub Premium customers had been impacted by the breach.
“A recent cyber security incident involving Mixpanel, a third-party data analytics provider, has impacted some Pornhub Premium users,” Pornhub said in a 12 December disclosure.
“Specifically, this situation affects only select Premium users. It is important to note this was not a breach of Pornhub Premium’s systems. Passwords, payment details, and financial information remain secure and were not exposed.”
Pornhub added that it had not used Mixpanel since 2021, so any data impacted is at least four years old.
“We have engaged with relevant authorities and with Mixpanel, so that we can provide you with facts,” Pornhub said.
“We are working diligently to determine the nature and scope of the reported incident.”
The hackers emerge
Now, perhaps unsurprisingly, the group behind the attack is ShinyHunters, the same group linked to hacking super team Scattered Lapsus$ Hunters, which in turn was behind this year’s Qantas hack and many, many others.
According to reporting by Bleeping Computer, which has been in contact with the hackers, the group began an extortion campaign targeting Mixpanel customers last week.
“In an extortion demand sent to PornHub, ShinyHunters claims it stole 94GB of data containing over 200 million records of personal information in the Mixpanel breach,” Bleeping Computer’s Lawrence Abrams wrote on 15 December.
“ShinyHunters later confirmed to BleepingComputer that they were behind the extortion emails, claiming the data consists of 201,211,943 records of historical search, watch, and download activity for the platform’s Premium members.”
ShinyHunters shared a “small sample” of the data, and it’s exactly like it sounds – the kind of stuff you really don’t want coming to light.
The lesson
No modern company is an island. Most businesses rely on some form of third-party service provider inside their supply chain, whether that be physical or digital.
This means that security does not end at any given company’s perimeter – it extends to their partners and providers, who may well have access to sensitive internal information.
Your systems may be secure – your providers’ may not. Perform regular external audits to make sure anyone holding data that matters to you knows that it should matter to them.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
