Hackers stole complete customer information, including contact details, national identity numbers, and payment details.

The post Spanish Energy Company Endesa Hacked appeared first on SecurityWeek.

After a recent data breach that affected Pornhub Premium members, Pornhub has updated its online statement to warn users about potential direct contact from cybercriminals.

“We are aware that the individuals responsible for this incident have threatened to contact impacted Pornhub Premium users directly. You may therefore receive emails claiming they have your personal information. As a reminder, we will never ask for your password or payment information by email.”

Pornhub is one of the world’s most visited adult video-sharing websites, allowing users to view content anonymously or create accounts to upload and interact with videos.

Pornhub has reported that on November 8, 2025, a security breach at third-party analytics provider Mixpanel exposed “a limited set of analytics events for certain users.” Pornhub stressed that this was not a breach of Pornhub’s own systems, and said that passwords, payment details, and financial information were not exposed.

Mixpanel confirmed it experienced a security incident on November 8, 2025, but disputes that the Pornhub data originated from that breach. The company stated there is:

 “No indication that this data was stolen from Mixpanel during our November 2025 security incident or otherwise.”

Regardless of the source, cybercriminals commonly attempt to monetize stolen user data through direct extortion. At the moment, it is unclear how many users are affected, although available information suggests that only Premium members had their data exposed.

In October, we reported that one in six mobile users are targeted by sextortion scams. Sextortion is a form of online blackmail where criminals threaten to share a person’s private, nude, or sexually explicit images or videos unless the victim complies with their demands—often for more sexual content, sexual favors, or money.

Having your email address included in a dataset of known Pornhub users makes you a likely target for this type of blackmail.

How to stay safe from sextortion

Unless you used a dedicated throwaway email address to sign up for Pornhub Premium, you should be prepared to receive a sextortion-type email. If one arrives:

• Any message referencing your Pornhub use, searches, or payment should be treated as an attempt to exploit breached or previously leaked data.
• Never provide passwords or payment information by email. Pornhub has stated it will not ask for these.
• Do not respond to blackmail emails. Ignore demands, do not pay, and do not reply—responding confirms your address is actively monitored.
• Save extortion emails, including headers, content, timestamps, and attachments, but do not open links or files. This information can support reports to your email provider, local law enforcement, or cybercrime units.
• Change your Pornhub password (if your account is still active) and ensure it’s unique and not reused anywhere else.
• Turn on multi-factor authentication (MFA) for your primary email account and any accounts that could be used for account recovery or identity verification.
• Review your bank and card statements for unfamiliar charges and report any suspicious transactions at once.
• If you used a real-name email address for Pornhub, consider moving sensitive subscriptions to a separate, pseudonymous email going forward.

Use STOP, our simple scam response framework to help protect against scams. 

• S—Slow down: Don’t let urgency or pressure push you into action. Take a breath before responding. Legitimate businesses like your bank or credit card don’t push immediate action.  
• T—Test them: If you answered the phone and are feeling panicked about the situation, likely involving a family member or friend, ask a question only the real person would know—something that can’t be found online. 
• O—Opt out: If it feels off, hang up or end the conversation. You can always say the connection dropped. 
• P—Prove it: Confirm the person is who they say they are by reaching out yourself through a trusted number, website or method you have used before. 

Should you have doubts about the legitimacy of any communications, submit them to Malwarebytes Scam Guard. It will help you determine whether it’s a scam and provide advice on how to act.

---

We don’t just report on threats—we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

After a recent data breach that affected Pornhub Premium members, Pornhub has updated its online statement to warn users about potential direct contact from cybercriminals.

“We are aware that the individuals responsible for this incident have threatened to contact impacted Pornhub Premium users directly. You may therefore receive emails claiming they have your personal information. As a reminder, we will never ask for your password or payment information by email.”

Pornhub is one of the world’s most visited adult video-sharing websites, allowing users to view content anonymously or create accounts to upload and interact with videos.

Pornhub has reported that on November 8, 2025, a security breach at third-party analytics provider Mixpanel exposed “a limited set of analytics events for certain users.” Pornhub stressed that this was not a breach of Pornhub’s own systems, and said that passwords, payment details, and financial information were not exposed.

Mixpanel confirmed it experienced a security incident on November 8, 2025, but disputes that the Pornhub data originated from that breach. The company stated there is:

 “No indication that this data was stolen from Mixpanel during our November 2025 security incident or otherwise.”

Regardless of the source, cybercriminals commonly attempt to monetize stolen user data through direct extortion. At the moment, it is unclear how many users are affected, although available information suggests that only Premium members had their data exposed.

In October, we reported that one in six mobile users are targeted by sextortion scams. Sextortion is a form of online blackmail where criminals threaten to share a person’s private, nude, or sexually explicit images or videos unless the victim complies with their demands—often for more sexual content, sexual favors, or money.

Having your email address included in a dataset of known Pornhub users makes you a likely target for this type of blackmail.

How to stay safe from sextortion

Unless you used a dedicated throwaway email address to sign up for Pornhub Premium, you should be prepared to receive a sextortion-type email. If one arrives:

• Any message referencing your Pornhub use, searches, or payment should be treated as an attempt to exploit breached or previously leaked data.
• Never provide passwords or payment information by email. Pornhub has stated it will not ask for these.
• Do not respond to blackmail emails. Ignore demands, do not pay, and do not reply—responding confirms your address is actively monitored.
• Save extortion emails, including headers, content, timestamps, and attachments, but do not open links or files. This information can support reports to your email provider, local law enforcement, or cybercrime units.
• Change your Pornhub password (if your account is still active) and ensure it’s unique and not reused anywhere else.
• Turn on multi-factor authentication (MFA) for your primary email account and any accounts that could be used for account recovery or identity verification.
• Review your bank and card statements for unfamiliar charges and report any suspicious transactions at once.
• If you used a real-name email address for Pornhub, consider moving sensitive subscriptions to a separate, pseudonymous email going forward.

Use STOP, our simple scam response framework to help protect against scams. 

• S—Slow down: Don’t let urgency or pressure push you into action. Take a breath before responding. Legitimate businesses like your bank or credit card don’t push immediate action.  
• T—Test them: If you answered the phone and are feeling panicked about the situation, likely involving a family member or friend, ask a question only the real person would know—something that can’t be found online. 
• O—Opt out: If it feels off, hang up or end the conversation. You can always say the connection dropped. 
• P—Prove it: Confirm the person is who they say they are by reaching out yourself through a trusted number, website or method you have used before. 

Should you have doubts about the legitimacy of any communications, submit them to Malwarebytes Scam Guard. It will help you determine whether it’s a scam and provide advice on how to act.

---

We don’t just report on threats—we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

The month of June is a time for fun in the sun and a break from the school year, but did you know it’s also the perfect time to step up your family’s online security? June is Internet Safety Month, a yearly reminder to strengthen your defenses against online threats. In today’s hyper-connected world, we use the internet for just about everything, from shopping to banking to streaming and work. That goes for your kids as well. Many of their favorite activities, including gaming and connecting with friends on social media, are connected to the internet.  While all this access means added convenience, it also means constant threats to your family’s online safety.

From phishing scams to malware, hackers are constantly looking for ways to exploit weaknesses in cybersecurity systems and software. Their goal is always the same: to get access to personal data and use it for profit. The rising numbers tell the story. In 2024, the FBI’s Internet Crime Complaint Center (IC3) received more than 850,000 cybercrime complaints, with reported losses exceeding $10.3 billion. This is partly due to the increase in data breaches. Studies show that 51% of Americans report they’ve been victims of a data breach, and 64% say they’ve changed their online behavior for fear of escalating online threats like ransomware and identity theft.

Keep summer screen time safe

It’s not just adults getting targeted online. Children and teens are increasingly exposed to scams (even extortion scams), cyberbullying, and inappropriate content—especially during summer when screen time surges. A recent Pew Research study found that 45% of teens are online almost constantly. So how do you let your kids enjoy their screens safely? Webroot Total Protection and Webroot Essentials offer parental controls that make it easy to manage your children’s online activity and content access. You can block specific websites, filter out inappropriate content and set daily limits on computer time. You can also monitor what sites your kids visit and interact with, and even tailor different levels of protection for each child. Whether your kids are watching YouTube, chatting on Discord, or gaming with friends, it’s a simple way to keep them safe without having to hover over them every time they’re online. 

Protect every device

As we spend more time on our mobile devices, cybercriminals are following suit. A recent security report shows that 70% of fraud is now carried out through mobile channels. From phones and tablets to laptops, the mobile devices your family relies on daily are brimming with personal data. Now more than ever, we need to take steps to protect ourselves and our family. Webroot Essentials provides multi-device protection with real-time threat intelligence. Whether you’re on Android, iOS, Windows or Mac, all the devices in your household are constantly safeguarded against the latest online threats.

Strengthen your password security

Are you still using passwords like your dog’s name and 123? And what about your kids? Chances are their Roblox passwords aren’t as tough to hack as they should be. If there’s one weak link in most people’s security, it’s their passwords. Cybercriminals know that, and they’re taking full advantage. In fact, the 2025 Verizon Data Breach Investigations Report found 81% of data breaches were caused by compromised passwords. Here are some tips to keep all your family’s passwords secure.

• Make it complicated: It’s important to create long and complex passwords and avoid using anything that’s easy to guess. That means no “Password” or “123456”. It also means no pet names or kid’s names, since hackers can often find those details on social media.
•  Don’t recycle: Never use the same login for more than one account. It may be easier to remember, but if your username and password for one account are exposed in a data breach, hackers can use them to try and break into all your other accounts.
• Use a password manager: Let a password manager save you some headaches by doing the hard work for you. Webroot solutions include password managers that store credentials and credit card information and automatically fill in login information, so the whole family can stay secure without having to remember every login. Be careful storing your credit card information on shared devices. You don’t want a shipment of 70,000 lollipops at your door.

Defend against social engineering scams

It’s important to stay aware of the latest online threats. Social engineering scams are designed to gain your trust and then trick you into sharing sensitive details by clicking on fake links or downloading malicious software. The most common type of social engineering is phishing. In a phishing attack, hackers pretend to be someone you trust and use fraudulent emails, texts and websites to try and steal personal information.

Scammers often use phishing to target children. They pose as friends, influencers, or game platforms to trick them into clicking fake links and handing over details like credit card numbers. These scams often start with an offer of an exciting reward or a prize. Take some time to talk with your kids about these common scams.

• Fake game reward scams: Kids are offered free in-game currency on a popular platform like Fortnite, then asked to click phony links and provide sensitive details. It’s important to remind your children to redeem rewards through official game platforms only and never enter login or payment information into random pop-ups or suspicious links.
• Social media impersonation scams: Scammers create fake social media profiles to pose as a friend, classmate, or influencer, and use stolen photos or AI-generated content to build seemingly legitimate profiles. The goal is to trick kids into clicking dangerous links or downloading malware. Make sure your children know that even if someone looks familiar, they may not be who they say they are.
• Friendship and romance scams: A scammer builds an emotional connection with a child, then starts asking for sensitive info like Social Security numbers, photos, or money. Remind your kids that if someone won’t use video chat or meet in person, they’re probably not legitimate. Also remind your children, adding people to your social media friends group
• Influencer giveaway scams: Fake influencer accounts host phony contests and message “winners” asking for a fee or bank account details. Remind your kids that they should only follow verified social media accounts, and that a real contest won’t ask them to pay to redeem a prize.

Secure your home network

Home security means more than just deadbolts and alarms. With smart TVs, video doorbells, and wireless thermostats, our homes are more connected than ever. While all these Internet of Things (IoT) devices making our lives more convenient, each one is a potential entry point for hackers. Webroot Secure VPN provides encrypted connections for safe browsing at home. When your family is on the go, it protects your online privacy on unsecured networks and shields your personal information from cyberthieves.

Internet safety checklist

• Update all your operating systems and applications to the latest versions – make sure to do the same for your kids.
• Enable automatic updates for software and security for the entire family.
• Run a full system scan to detect any existing malware on all devices in your household.
• Enable multi-factor authentication on all critical accounts.
• Create unique passwords for each online account.
• Change passwords for your family’s most important accounts often, such as banking, email, and social media.
• Review settings on all social media accounts and make sure all kids’ profiles are private.
• Check app permissions, especially on your kids’ devices.
• Clear all browser cookies and caches monthly.
• Be cautious with suspicious links or unknown senders. Be sure the whole family knows to verify sender addresses before responding to requests for information or clicking any links.
• Consider comprehensive online security with Webroot Total Protection, which includes antivirus and identity protection, unlimited cloud backup, and up to $1 million in identity theft expense reimbursement. Get protection for up to ten devices and peace of mind that your family’s digital lives are secure.

Cybercriminals never take a break and neither should you. Internet Safety Month is the perfect opportunity to step up the digital safety of your entire household. And remember – online security isn’t just an annual event. Your sensitive data deserves year-round protection, and you can get it with family-friendly solutions from Webroot. Don’t wait for a data breach or other disaster to take action. Keep your kids safe and your data secure by strengthening your digital defenses today!

Looking for more information?

Avoiding Scams that Target Kids and Teens

Protecting Young Online Gamers

How Americans View Data Privacy

Social Security Numbers and Identity Theft

Protect Yourself from AI-Enabled Phishing

Common Types of Phishing Attacks

Why Use a Password Manager?

Defending Your Digital Identity from Evolving Threats

The post Build strong digital defenses for your entire family appeared first on Webroot Blog.

In today’s digital world, your personal data is like cold hard cash, and that’s why cyberthieves are always looking for ways to steal it. Whether it’s an email address, a credit card number, or even medical records, your personal information is incredibly valuable in the wrong hands.

For hackers, breaking into a company database is like hitting the mother lode, giving them access to millions of personal records. Why? Because whether you know it or not, many companies are collecting and storing your private data. Think about all the information you hand over when you order something online, like your full name, your credit card number, your home address, and maybe even your birthdate just to snag an extra discount. If a company you do business with becomes part of a data breach, cybercriminals may have full access to your confidential information.

Unfortunately, data breaches are on the rise and affecting more companies and consumers than ever. In 2024, more than 1.3 billion people received notices that their information was exposed in a data breach. Chances are you’ve received at least one of these letters, which means you have been put at risk for identity theft and major financial losses.

What are data breaches and how do they happen?

Data breaches occur when sensitive, protected, or confidential data is hacked or leaked from a company or organization. Sometimes businesses are targeted because they have outdated or weak security. While no industry is immune, some sectors are more likely to become victims of breaches because of the sensitive nature of the data they handle. Here are some of the most likely targets for access to consumer data:

• Healthcare organizations: Healthcare companies are a prime target for cybercrime due to the large amounts of sensitive data they store, which includes personal information and medical records. In 2024, there were 14 data breaches involving 1 million or more healthcare records. The largest breach affected an estimated 190 million people and a ransom of 22 million dollars was collected by the hackers.
• Financial services industry: Banks, insurance companies and other financial organizations offer a wealth of opportunity for hackers who can use stolen bank account and credit card information for their own financial gain. In 2024, mortgage lender LoanDepot was the victim of a cyberattack that compromised the information of more than 16 million individuals.
• Retail and e-commerce: Retail and ecommerce businesses are vulnerable to breaches because they handle and store vast amounts of customer payment information, including addresses, credit card numbers and more. Many retailers operate both brick-and-mortar stores and ecommerce platforms and rely on a variety of mobile apps, PoS (point-of-sale) systems, and cloud-based platforms, which creates more entry points for hackers to exploit.
• Tech companies: With access to user data, software systems and intellectual property, tech firms are frequent targets. Apple, Twitter and Meta have all reportedly been victims of cyberattacks.
• Government agencies: Because government organizations store highly sensitive information, social security numbers, they are considered especially high-value targets for cyberattacks.

The most-wanted data

The type of information stolen in data breaches varies depending on the organization, but here’s a list of the kind of data cybercriminals are seeking:

• Emails and passwords
• Payment and credit card information
• Medical records and health data
• Social Security numbers
• Driver’s license numbers
• Banking details and account numbers

What hackers do with your data

Once data is exposed in a breach, cybercriminals will test your usernames and password combinations across thousands of sites, knowing that most people recycle their emails and passwords. Here are just some of the ways hackers exploit your stolen information:

• Identity theft: Hackers use your personal info to impersonate you. They can open accounts in your name, apply for loans, and even file false tax returns.
• Selling it on the dark web: Stolen data is frequently sold to the highest bidder on dark web marketplaces. This makes it accessible to a worldwide network of criminals.
• Phishing and social engineering: Using your personal information, scammers can craft more convincing phishing emails or messages to trick you into giving up even more sensitive details, like passwords and PIN numbers.
• Financial exploitation: When your credit card numbers or bank account details are compromised, cyber thieves can use that information to make financial transactions in your name. They can rack up charges on your credit cards and even drain your bank accounts.
• Data reuse and repurposing: It’s important to remember that your stolen information can be used for fraud and theft even years after a data breach, so it’s crucial to stop using recycled usernames and passwords on both old and new accounts or systems.
• Hijacking online accounts: If your login credentials (usernames and passwords) are leaked, all your online accounts are put at risk. Besides your financial accounts, cyber thieves can also access your social media accounts and other platforms, leading to a major loss of privacy in addition to monetary losses.

How to minimize the risks

• Stay alert: Be on the lookout for any signs of fraud and use an identity protection plan to guard against suspicious activity. Webroot Total Protection monitors the dark web for you and sends alerts if your email or personal information has been found in a breach.
• Use strong, unique passwords: Strong, unique passwords are a simple, yet powerful security tool. Webroot Essentials plans offer password managers that do the hard work for you, keeping all your passwords safe and encrypted while you remember just one password for a quick and seamless login on every site and app.
• Enable two-factor authentication (2FA): Turn on two-factor identification wherever possible, especially for financial accounts and email. This adds an extra step to your login process and makes it much harder for hackers to gain access. Also, remember to update and reset your passwords on a regular basis and always delete any old, unused online accounts.
• Keep your devices protected: Always keep your device software updated and use antivirus and internet security software. Webroot Premium protects your devices from malware, viruses and phishing attempts and provides identity protection so you’re immediately alerted if your information is leaked in a data breach or found on the dark web. If you do become a victim of identity theft, you’ll have 24/7 U.S.-based customer support and up to $1 million in expense reimbursement.
• Update your identity protection plan: Remember to keep your identity protection plan updated, so your personal details like birthdate, Social Security number and driver’s license number are current. Make sure all your family members are onboarded, especially children and older relatives. Also, get real time fraud detection by setting up threshold alerts on your financial accounts so you’re notified of any suspicious transactions as soon as they occur.
• Monitor constantly: It’s important to remember that even if your personal data was exposed years ago, it can still resurface and cause problems at any time. Especially when it comes to children and the elderly, suspicious financial activity can happen without their knowledge and go undetected. For example, it’s not uncommon for a young student to find out they have a poor credit score only when they to try to open their first credit card account. The student had no idea that a cybercriminal used their information for fraudulent purposes and is forced to go through a difficult and costly process to restore their good credit. Most identity protection plans include monitoring and remediation, even if the fraud happened years ago and is affecting you or your family today.

Data breaches are a fact of life in the digital world we live in, but you can protect yourself with some smart security measures. By using strong passwords, password managers, antivirus software, and identity protection plans, you can reduce your risk of becoming a victim of cybercrime, and even get help to restore your identity, your financial losses and your reputation.

It’s like putting a lock on your personal data. When it comes to your sensitive information, it’s always better to be safe than sorry.

Looking for more information and solutions?

Top cyberthreats of 2025

Keeping educational systems secure

How to keep your personal data safe

Protect yourself from identity theft

Safeguarding your devices from malware

The post The danger of data breaches — what you really need to know appeared first on Webroot Blog.