AUSTIN, Texas—Aylo, the parent company of Pornhub.com, is facing three separate class action lawsuits filed in recent weeks amid a data breach that exposed millions of user records, including pornography viewing habits and trends. The three class actions are filed on behalf of plaintiffs identified as either Jane or John Does.
All three class actions are similarly worded. One John Doe plaintiff is based in California. The two Jane Doe plaintiffs are in Mississippi and Nevada, respectively.
"An individual’s sexual desires constitute some of the most sensitive and personal information there is," reads the plaintiff's attorneys in one of the suits. "For some, their sexual lives in some way involve viewing pornography. ... Yet despite its prevalence, pornography usage is still something people do not openly discuss."
All three suits demand a jury trial and are before the U.S. District Court for the Western District of Texas. Remedies sought in the three lawsuits include penalties for breach of implied contract, invasion of privacy, negligence, unjust enrichment, and violations of the respective states' consumer protection laws.
"Most, if not all, class members were unaware of the data breach at the time it occurred, or that their private information was compromised and that they are at significant risk of various other forms of personal, social, and financial harm," states one lawsuit. "The risk will remain for their respective lifetimes."
The data breach occurred at the end of 2025 and was carried out by a group called "ShinyHunters." ShinyHunters is regarded as a cybercriminal group that engages in extortion. According to accounts of the group's exploits, they deploy malware to steal sensitive data, including credit card information and consumer data.
ShinyHunters told Reuters in December that the group was ransoming the data unless the Bitcoin payment demands were met. A spokesperson for the group said that the payment will "prevent the publication of [Pornhub] data and delete the data."
Pornhub issued a notice of the breach to users on its website that was last updated on December 18.
Pornhub notes that its systems weren't breached but rather those of a traffic data vendor that Aylo utilizes.
The vendor, Mixpanel, is an artificial intelligence-powered data analytics platform that tracks user behavior and interactions on web platforms and applications. Pornhub uses this vendor for monitoring data that relates to the behaviors and interactions of Pornhub Premium users.
"A recent cybersecurity incident involving data from a third-party data analytics service provider has impacted some Pornhub Premium users," reads the Pornhub notice.
"Specifically, this situation affects only select Premium users," it adds. "It is important to note this was not a breach of Pornhub Premium’s systems. Passwords, payment details, and financial information remain secure and were not exposed."
The immediate lawsuits in federal district court in Austin, Texas, capitalize on the fact that there was a breach related to an Aylo vendor. All three lawsuits do not name Mixpanel as a defendant, and only the U.S.-based entities owned by the multinational Aylo conglomerate, which is owned by Ethical Capital Partners in Ottawa.
Aylo declined to comment on the lawsuits, citing ongoing litigation. Mixpanel announced the data breach at the end of November 2025.
Other clients impacted by the breach include OpenAI, SoundCloud, and 700Credit, among others.
"We proactively communicated with all impacted customers. If you have not heard from us directly, you were not impacted," said Mixpanel. "We continue to prioritize security as a core tenet of our company, products, and services. We are committed to supporting our customers and communicating transparently about this incident."
