Become a TechRadar Insider
- Dark web listing claims to be selling 340 million OnlyFans creator and user records, including PII and account activity metrics
- OnlyFans denies breach, and Cybernews analysis suggests the dataset is likely a compilation of past leaks and public sources rather than an internal dump
- Even if inauthentic, exposed emails and metadata could still enable phishing, profiling, spam, and harassment of creators and users
A gigantic database, allegedly containing personally identifiable information (PII) of OnlyFans creators and users, is allegedly being offered for sale on the dark web - however, the authenticity of the data is being questioned, and the way it was obtained does not suggest an actual breach of the company’s servers.
Security researchers from Cybernews reported spotting a new ad on a dark web forum, offering 340 million records scraped from internal OnlyFans databases:
“The listing provides exclusive access to an alleged OnlyFans internal database dump containing approximately 350 million user records,” the post reads. “The dataset encompasses both fan and created accounts, exposing a broad range of personally identifiable information and detailed account activity metrics.”
"False reports"
The post further claims the archive holds people’s usernames, join dates, email addresses, follower count, like count, picture count, video count, stream count, payment card data information, and linked profiles.
Commenting on the news, a company spokesperson told Cybernews “on background, these reports are false”.
The publication’s researchers also analyzed the sample posted on the dark web and said it was underwhelming and that they were unable to conclude if the archive is authentic or not.
“Based on the sample alone, we cannot confirm the true size of the data. However, the sample does indicate that individuals whose data is exposed could be targets for phishing,” the team explained.
“However, the emails alone could serve as a sensitive reconnaissance point. Threat actors could use this information to cross-reference info from other adult content sites to profile exposed individuals.”
The hackers didn’t say they broke into OnlyFans, but rather compiled the information from previous OnlyFans leaks, cross-referenced them with public sources, other data breaches, and various publicly available information.
Cybernews hints that this might be true, and concludes that even in this form, the archive could be quite dangerous.
“If this is a compilation, the data could be used for reconnaissance and profiling. For example, attackers could research whether user emails repeat across multiple websites or whether any additional sensitive info has been leaked. Also, exposed creators' contact info could also lead to spam and harassment directed towards them,” the Cybernews team concluded.
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.