Data Security

OnlyFans user data advertised on cybercrime forum, seller claims no direct breach

OnlyFans logo shown on a modern mobile phone. The smartphone is being held in landscape mode, in the darkness. A PC monitor with the OnlyFans website in the background.

A threat actor is advertising a large database purportedly containing information on hundreds of millions of OnlyFans users, including creators and subscribers. However, the seller claims the data was compiled from previous leaks and public sources, not a direct breach of OnlyFans systems, based on information published by HackRead.

A user on a cybercrime forum is selling a database of 340 million records allegedly linked to OnlyFans users for approximately $76,000. The advertised data includes usernames, names, email addresses, phone numbers, and account activity. Initially, the listing suggested a direct breach or scraping of OnlyFans. However, the seller clarified that the database was assembled by combining information from prior data leaks, including those from Twitter, Instagram, and Spotify, with publicly available data and matching it to OnlyFans users. Sample data reviewed showed incomplete records and formatting inconsistent with typical platform databases. While some usernames and linked details were verified against public OnlyFans profiles, the authenticity of payment card information remains unconfirmed.

The aggregation of this data poses risks of phishing, blackmail, and harassment for both creators and subscribers, highlighting a trend of threat actors creating searchable identity databases by merging old breach data with public information.

Source: HackRead

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds