A threat actor is advertising a large database purportedly containing information on hundreds of millions of OnlyFans users, including creators and subscribers. However, the seller claims the data was compiled from previous leaks and public sources, not a direct breach of OnlyFans systems, based on information published by HackRead.A user on a cybercrime forum is selling a database of 340 million records allegedly linked to OnlyFans users for approximately $76,000. The advertised data includes usernames, names, email addresses, phone numbers, and account activity. Initially, the listing suggested a direct breach or scraping of OnlyFans. However, the seller clarified that the database was assembled by combining information from prior data leaks, including those from Twitter, Instagram, and Spotify, with publicly available data and matching it to OnlyFans users. Sample data reviewed showed incomplete records and formatting inconsistent with typical platform databases. While some usernames and linked details were verified against public OnlyFans profiles, the authenticity of payment card information remains unconfirmed.The aggregation of this data poses risks of phishing, blackmail, and harassment for both creators and subscribers, highlighting a trend of threat actors creating searchable identity databases by merging old breach data with public information.Source: HackRead
Data Security
OnlyFans user data advertised on cybercrime forum, seller claims no direct breach

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



