In November 2025, ChatGPT, developed by OpenAI and owned by Microsoft, made headlines for being the target of a major cyber-attack that resulted in the leak of sensitive data. An investigation later revealed that the breach did not occur on Microsoft’s servers directly. Instead, the compromise was traced back to the servers of the analytics firm Mixpanel. This breach exposed critical details about ChatGPT, such as passwords, API keys, payment information, and chat logs.
Not long after this revelation, another high-profile breach made waves. Po$^&ub, a popular adult website known for its strict age verification processes for UK-based users, disclosed that it had fallen victim to a significant data breach. The breach was linked to Mixpanel’s compromised servers, which had been a common thread between both attacks. The data leak affected over 200 million user entries, which included sensitive information such as email addresses, location data, search queries, video titles, IP addresses, and time stamps.
The adult website revealed that the cyber attackers might have gained unauthorized access to its network and possibly maintained control over it, allowing them to siphon the data over time. However, the breach was mitigated after the website implemented a new software application designed to patch up the vulnerabilities. The company emphasized that despite this quick response, it plans to enforce stricter security measures moving forward to prevent future attacks.
The cybercrime group believed to be behind the breach is the notorious ShinyHunters. Known for its history of infiltrating online platforms and extorting victims, ShinyHunters is suspected of using the stolen data to exert pressure on the company for ransom. This data leak, which exposed a wide range of personal information, has raised alarms about the vulnerability of platforms relying on third-party analytics firms like Mixpanel.
This breach highlights a growing concern in the digital security landscape, where even large platforms can fall prey to cyber-attacks originating from seemingly unrelated third-party services. It underscores the need for robust security protocols not only for companies’ internal networks but also for the third-party services they rely on to manage and analyze user data.
Join our LinkedIn group Information Security Community!
