PornHub Extortion Leak, Google’s Anti‑Scraping Lawsuit & more
This week’s security and privacy headlines span the full spectrum of modern risk: an alleged mass theft of sensitive adult-site user data for extortion, a geopolitically charged cyberincident hitting a national oil giant, a confirmed breach of UK government systems with attribution still unclear, and a courtroom fight over whether automated “fake searches” are quietly strip-mining the web’s content economy.
200M Premium PornHub Accounts Allegedly Stolen in Extortion Scheme
A hacking crew known as ShinyHunters, tied to the broader “Com” cybercrime ecosystem, is believed to have stolen a massive dataset linked to PornHub premium users. Reportedly more than 200 million records totaling 94 GB. The stolen material is described as including account information (such as email addresses) along with users’ on-site activity histories, creating a highly sensitive privacy exposure.
PornHub said the data appears to have come from Mixpanel, an analytics service it used up to 2021, suggesting the compromised records may be several years old. Reports indicate the company has received extortion emails from the hackers in recent days, raising fears that stolen browsing-linked account data could be used to pressure individuals or the company into paying to prevent public release.
Venezuela Oil Giant PDVSA Reports Cyberattack, Points Finger at US
Venezuela’s state oil company PDVSA says a cyberattack disrupted its administrative systems shortly after the US military seized a tanker carrying nearly 2 million barrels of Venezuelan crude. PDVSA publicly claimed operations continued, but accused the United States of orchestrating the incident as part of a broader effort targeting Venezuela’s energy sector.
Other reporting suggests the disruption may have been more severe than PDVSA indicated, including a temporary halt to oil cargo deliveries and internal systems going offline. The incident lands amid an escalating US–Venezuela standoff, with Washington linking certain maritime activity to criminal networks allegedly protected by Venezuela’s leadership—claims that US officials have not backed with public evidence in this account.
UK Confirms October Hack as Foreign Office Data Targeted
A UK government minister has confirmed that a cyberattack hit government systems in October, partially validating media reports that Foreign Office-related data was accessed. The minister said investigators had “closed the hole” quickly and described the breach as stemming from a technical issue on one government site, adding that officials are currently fairly confident the risk to individuals is low.
A tabloid report attributed the intrusion to a China-linked hacking group and suggested the stolen material could include tens of thousands of visa records, but the minister cautioned that attribution claims are still speculative and said he could not confirm any link to China while the investigation continues. The incident comes amid heightened attention to cyber resilience in the UK after major attacks this year disrupted operations at large British companies, including a carmaker and a major retailer.
Google Takes on “Fake Search” Scrapers in Court
Google has sued Texas-based SerpApi, alleging the company sends hundreds of millions of automated, fake Google search requests to pull content from search results at massive scale. Content Google says includes licensed and copyrighted material embedded in features like Knowledge Panels, Maps, and Shopping. Google argues SerpApi bypassed its technical protections and then sold the scraped results to third parties, effectively “taking it for free” and monetizing it.
SerpApi says it will fight the case, arguing it provides the same information anyone can see in a browser and claiming Google is trying to stifle competition used by developers building products such as AI tools, security services, and browsers. The lawsuit seeks monetary damages (amount unspecified) and a court order to block SerpApi from continuing the alleged scraping, echoing similar claims made recently by other platforms that accuse scrapers of harvesting content for AI-related uses.
