4 months ago
42
The hacking radical Scattered Lapsus$ Hunters, which includes members of a pack known arsenic ShinyHunters, said it is attempting to extort porn tract Pornhub, aft claiming to person stolen idiosyncratic accusation belonging to the website’s premium members.
On Friday, Pornhub confirmed it was among respective companies affected by an earlier breach astatine the wide utilized web and mobile analytics supplier Mixpanel, which exposed unspecified “analytics events” of immoderate Pornhub Premium users.
On Monday, Bleeping Computer reported seeing a illustration of the stolen Pornhub data, which included idiosyncratic accusation associated with PornHub Premium members, including their registered email addresses and location; enactment type, specified arsenic which videos and channels they watched, including the video sanction and web address; keywords associated with the video; and the day and clip that the lawsuit was recorded.
Mixpanel main enforcement Jen Taylor did not respond to TechCrunch’s petition for comment. A Pornhub spokesperson, who did not supply their afloat name, did not reply questions sent by TechCrunch astir the incident, referring america alternatively to the company’s published statement.
A spokesperson for the ShinyHunters pack told TechCrunch that the hackers person sent an extortion email lone to Pornhub truthful far, and declined to accidental however galore different companies were portion of the Mixpanel incident.
Right earlier the U.S. vacation of Thanksgiving, Mixpanel revealed a breach that it discovered connected November 8, which affected its firm customers, without saying which ones, nor however they were affected. OpenAI later confirmed it was 1 of those affected customers, arsenic good arsenic CoinTracker and SwissBorg.
According to Mixpanel’s website, the institution has astir 8,000 customers, with each lawsuit having perchance millions of users whose information was taken successful the breach.
Contact Us
Do you person much accusation astir the Mixpanel breach? Such arsenic what companies were affected? From a non-work device, you tin interaction Lorenzo Franceschi-Bicchierai securely connected Signal astatine +1 917 257 1382, oregon via Telegram and Keybase @lorenzofb, oregon email.
The benignant of information stolen apt depends connected however each lawsuit configured their Mixpanel relationship to cod data.
Generally speaking, companies usage Mixpanel to way what their users bash connected their tract oregon apps, akin to an app developer oregon website proprietor watching implicit a user’s enarthrosis to larn what they click, view, oregon swipe. Mixpanel tin besides log accusation astir the user’s devices, specified arsenic the size of the screen, whether they are connected Wi-Fi oregon a cellular network, and the sanction of the carrier, among different data.
Scattered Lapsus$ Hunters is simply a conjugation of chiefly English-speaking hackers who are believed to beryllium successful Western countries. The hackers person a agelong past of information breaches and are liable for immoderate of the largest hacks this year, including information thefts targeting Salesforce and Gainsight customers, which affected hundreds of companies.
Also connected Friday, SoundCloud confirmed that astir 20% of its users were affected by “unauthorized enactment successful an ancillary work dashboard,” apt referring to Mixpanel. The audio streaming elephantine said the stolen information includes email addresses and “information already disposable connected nationalist SoundCloud profiles.”
SoundCloud did not respond to TechCrunch’s petition for comment.
English (US) ·