After a recent data breach that affected Pornhub Premium members, Pornhub has updated its online statement to warn users about potential direct contact from cybercriminals.

“We are aware that the individuals responsible for this incident have threatened to contact impacted Pornhub Premium users directly. You may therefore receive emails claiming they have your personal information. As a reminder, we will never ask for your password or payment information by email.”

Pornhub is one of the world’s most visited adult video-sharing websites, allowing users to view content anonymously or create accounts to upload and interact with videos.

Pornhub has reported that on November 8, 2025, a security breach at third-party analytics provider Mixpanel exposed “a limited set of analytics events for certain users.” Pornhub stressed that this was not a breach of Pornhub’s own systems, and said that passwords, payment details, and financial information were not exposed.

Mixpanel confirmed it experienced a security incident on November 8, 2025, but disputes that the Pornhub data originated from that breach. The company stated there is:

“No indication that this data was stolen from Mixpanel during our November 2025 security incident or otherwise.”

Regardless of the source, cybercriminals commonly attempt to monetize stolen user data through direct extortion. At the moment, it is unclear how many users are affected, although available information suggests that only Premium members had their data exposed.

In October, we reported that one in six mobile users are targeted by sextortion scams. Sextortion is a form of online blackmail where criminals threaten to share a person’s private, nude, or sexually explicit images or videos unless the victim complies with their demands—often for more sexual content, sexual favors, or money.

Having your email address included in a dataset of known Pornhub users makes you a likely target for this type of blackmail.

How to stay safe from sextortion

Unless you used a dedicated throwaway email address to sign up for Pornhub Premium, you should be prepared to receive a sextortion-type email. If one arrives:

Any message referencing your Pornhub use, searches, or payment should be treated as an attempt to exploit breached or previously leaked data.
Never provide passwords or payment information by email. Pornhub has stated it will not ask for these.
Do not respond to blackmail emails. Ignore demands, do not pay, and do not reply—responding confirms your address is actively monitored.
Save extortion emails, including headers, content, timestamps, and attachments, but do not open links or files. This information can support reports to your email provider, local law enforcement, or cybercrime units.
Change your Pornhub password (if your account is still active) and ensure it’s unique and not reused anywhere else.
Turn on multi-factor authentication (MFA) for your primary email account and any accounts that could be used for account recovery or identity verification.
Review your bank and card statements for unfamiliar charges and report any suspicious transactions at once.
If you used a real-name email address for Pornhub, consider moving sensitive subscriptions to a separate, pseudonymous email going forward.

Use STOP, our simple scam response framework to help protect against scams.

S—Slow down: Don’t let urgency or pressure push you into action. Take a breath before responding. Legitimate businesses like your bank or credit card don’t push immediate action.
T—Test them: If you answered the phone and are feeling panicked about the situation, likely involving a family member or friend, ask a question only the real person would know—something that can’t be found online.
O—Opt out: If it feels off, hang up or end the conversation. You can always say the connection dropped.
P—Prove it: Confirm the person is who they say they are by reaching out yourself through a trusted number, website or method you have used before.

Should you have doubts about the legitimacy of any communications, submit them to Malwarebytes Scam Guard. It will help you determine whether it’s a scam and provide advice on how to act.

We don’t just report on threats—we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

Malwarebytes
Pornhub tells users to expect sextortion emails after data exposure 22 December 2025 at 14:44

Pornhub tells users to expect sextortion emails after data exposure

Malwarebytes

22 December 2025 at 14:44

After a recent data breach that affected Pornhub Premium members, Pornhub has updated its online statement to warn users about potential direct contact from cybercriminals.

“We are aware that the individuals responsible for this incident have threatened to contact impacted Pornhub Premium users directly. You may therefore receive emails claiming they have your personal information. As a reminder, we will never ask for your password or payment information by email.”

Pornhub is one of the world’s most visited adult video-sharing websites, allowing users to view content anonymously or create accounts to upload and interact with videos.

Pornhub has reported that on November 8, 2025, a security breach at third-party analytics provider Mixpanel exposed “a limited set of analytics events for certain users.” Pornhub stressed that this was not a breach of Pornhub’s own systems, and said that passwords, payment details, and financial information were not exposed.

Mixpanel confirmed it experienced a security incident on November 8, 2025, but disputes that the Pornhub data originated from that breach. The company stated there is:

“No indication that this data was stolen from Mixpanel during our November 2025 security incident or otherwise.”

Regardless of the source, cybercriminals commonly attempt to monetize stolen user data through direct extortion. At the moment, it is unclear how many users are affected, although available information suggests that only Premium members had their data exposed.

In October, we reported that one in six mobile users are targeted by sextortion scams. Sextortion is a form of online blackmail where criminals threaten to share a person’s private, nude, or sexually explicit images or videos unless the victim complies with their demands—often for more sexual content, sexual favors, or money.

Having your email address included in a dataset of known Pornhub users makes you a likely target for this type of blackmail.

How to stay safe from sextortion

Unless you used a dedicated throwaway email address to sign up for Pornhub Premium, you should be prepared to receive a sextortion-type email. If one arrives:

Any message referencing your Pornhub use, searches, or payment should be treated as an attempt to exploit breached or previously leaked data.
Never provide passwords or payment information by email. Pornhub has stated it will not ask for these.
Do not respond to blackmail emails. Ignore demands, do not pay, and do not reply—responding confirms your address is actively monitored.
Save extortion emails, including headers, content, timestamps, and attachments, but do not open links or files. This information can support reports to your email provider, local law enforcement, or cybercrime units.
Change your Pornhub password (if your account is still active) and ensure it’s unique and not reused anywhere else.
Turn on multi-factor authentication (MFA) for your primary email account and any accounts that could be used for account recovery or identity verification.
Review your bank and card statements for unfamiliar charges and report any suspicious transactions at once.
If you used a real-name email address for Pornhub, consider moving sensitive subscriptions to a separate, pseudonymous email going forward.

Use STOP, our simple scam response framework to help protect against scams.

S—Slow down: Don’t let urgency or pressure push you into action. Take a breath before responding. Legitimate businesses like your bank or credit card don’t push immediate action.
T—Test them: If you answered the phone and are feeling panicked about the situation, likely involving a family member or friend, ask a question only the real person would know—something that can’t be found online.
O—Opt out: If it feels off, hang up or end the conversation. You can always say the connection dropped.
P—Prove it: Confirm the person is who they say they are by reaching out yourself through a trusted number, website or method you have used before.

Should you have doubts about the legitimacy of any communications, submit them to Malwarebytes Scam Guard. It will help you determine whether it’s a scam and provide advice on how to act.

We don’t just report on threats—we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

Webroot Blog
Build strong digital defenses for your entire family 28 May 2025 at 20:37

Build strong digital defenses for your entire family

Webroot Blog

By: Nicole Beaudoin

28 May 2025 at 20:37

The month of June is a time for fun in the sun and a break from the school year, but did you know it’s also the perfect time to step up your family’s online security? June is Internet Safety Month, a yearly reminder to strengthen your defenses against online threats. In today’s hyper-connected world, we use the internet for just about everything, from shopping to banking to streaming and work. That goes for your kids as well. Many of their favorite activities, including gaming and connecting with friends on social media, are connected to the internet. While all this access means added convenience, it also means constant threats to your family’s online safety.

From phishing scams to malware, hackers are constantly looking for ways to exploit weaknesses in cybersecurity systems and software. Their goal is always the same: to get access to personal data and use it for profit. The rising numbers tell the story. In 2024, the FBI’s Internet Crime Complaint Center (IC3) received more than 850,000 cybercrime complaints, with reported losses exceeding $10.3 billion. This is partly due to the increase in data breaches. Studies show that 51% of Americans report they’ve been victims of a data breach, and 64% say they’ve changed their online behavior for fear of escalating online threats like ransomware and identity theft.

Keep summer screen time safe

It’s not just adults getting targeted online. Children and teens are increasingly exposed to scams (even extortion scams), cyberbullying, and inappropriate content—especially during summer when screen time surges. A recent Pew Research study found that 45% of teens are online almost constantly. So how do you let your kids enjoy their screens safely? Webroot Total Protection and Webroot Essentials offer parental controls that make it easy to manage your children’s online activity and content access. You can block specific websites, filter out inappropriate content and set daily limits on computer time. You can also monitor what sites your kids visit and interact with, and even tailor different levels of protection for each child. Whether your kids are watching YouTube, chatting on Discord, or gaming with friends, it’s a simple way to keep them safe without having to hover over them every time they’re online.

Protect every device

As we spend more time on our mobile devices, cybercriminals are following suit. A recent security report shows that 70% of fraud is now carried out through mobile channels. From phones and tablets to laptops, the mobile devices your family relies on daily are brimming with personal data. Now more than ever, we need to take steps to protect ourselves and our family. Webroot Essentials provides multi-device protection with real-time threat intelligence. Whether you’re on Android, iOS, Windows or Mac, all the devices in your household are constantly safeguarded against the latest online threats.

Strengthen your password security

Are you still using passwords like your dog’s name and 123? And what about your kids? Chances are their Roblox passwords aren’t as tough to hack as they should be. If there’s one weak link in most people’s security, it’s their passwords. Cybercriminals know that, and they’re taking full advantage. In fact, the 2025 Verizon Data Breach Investigations Report found 81% of data breaches were caused by compromised passwords. Here are some tips to keep all your family’s passwords secure.

Make it complicated: It’s important to create long and complex passwords and avoid using anything that’s easy to guess. That means no “Password” or “123456”. It also means no pet names or kid’s names, since hackers can often find those details on social media.
Don’t recycle: Never use the same login for more than one account. It may be easier to remember, but if your username and password for one account are exposed in a data breach, hackers can use them to try and break into all your other accounts.
Use a password manager: Let a password manager save you some headaches by doing the hard work for you. Webroot solutions include password managers that store credentials and credit card information and automatically fill in login information, so the whole family can stay secure without having to remember every login. Be careful storing your credit card information on shared devices. You don’t want a shipment of 70,000 lollipops at your door.

Defend against social engineering scams

It’s important to stay aware of the latest online threats. Social engineering scams are designed to gain your trust and then trick you into sharing sensitive details by clicking on fake links or downloading malicious software. The most common type of social engineering is phishing. In a phishing attack, hackers pretend to be someone you trust and use fraudulent emails, texts and websites to try and steal personal information.

Scammers often use phishing to target children. They pose as friends, influencers, or game platforms to trick them into clicking fake links and handing over details like credit card numbers. These scams often start with an offer of an exciting reward or a prize. Take some time to talk with your kids about these common scams.

Fake game reward scams: Kids are offered free in-game currency on a popular platform like Fortnite, then asked to click phony links and provide sensitive details. It’s important to remind your children to redeem rewards through official game platforms only and never enter login or payment information into random pop-ups or suspicious links.
Social media impersonation scams: Scammers create fake social media profiles to pose as a friend, classmate, or influencer, and use stolen photos or AI-generated content to build seemingly legitimate profiles. The goal is to trick kids into clicking dangerous links or downloading malware. Make sure your children know that even if someone looks familiar, they may not be who they say they are.
Friendship and romance scams: A scammer builds an emotional connection with a child, then starts asking for sensitive info like Social Security numbers, photos, or money. Remind your kids that if someone won’t use video chat or meet in person, they’re probably not legitimate. Also remind your children, adding people to your social media friends group
Influencer giveaway scams: Fake influencer accounts host phony contests and message “winners” asking for a fee or bank account details. Remind your kids that they should only follow verified social media accounts, and that a real contest won’t ask them to pay to redeem a prize.

Secure your home network

Home security means more than just deadbolts and alarms. With smart TVs, video doorbells, and wireless thermostats, our homes are more connected than ever. While all these Internet of Things (IoT) devices making our lives more convenient, each one is a potential entry point for hackers. Webroot Secure VPN provides encrypted connections for safe browsing at home. When your family is on the go, it protects your online privacy on unsecured networks and shields your personal information from cyberthieves.

Internet safety checklist

Update all your operating systems and applications to the latest versions – make sure to do the same for your kids.
Enable automatic updates for software and security for the entire family.
Run a full system scan to detect any existing malware on all devices in your household.
Enable multi-factor authentication on all critical accounts.
Create unique passwords for each online account.
Change passwords for your family’s most important accounts often, such as banking, email, and social media.
Review settings on all social media accounts and make sure all kids’ profiles are private.
Check app permissions, especially on your kids’ devices.
Clear all browser cookies and caches monthly.
Be cautious with suspicious links or unknown senders. Be sure the whole family knows to verify sender addresses before responding to requests for information or clicking any links.
Consider comprehensive online security with Webroot Total Protection, which includes antivirus and identity protection, unlimited cloud backup, and up to $1 million in identity theft expense reimbursement. Get protection for up to ten devices and peace of mind that your family’s digital lives are secure.

Cybercriminals never take a break and neither should you. Internet Safety Month is the perfect opportunity to step up the digital safety of your entire household. And remember – online security isn’t just an annual event. Your sensitive data deserves year-round protection, and you can get it with family-friendly solutions from Webroot. Don’t wait for a data breach or other disaster to take action. Keep your kids safe and your data secure by strengthening your digital defenses today!