Stolen Onfans Data from Past Breaches Sold on Hacker Forums
Threat Actors Exploit Personal Data Linked to Millions of OnlyFans Users
A significant data breach has compromised sensitive information tied to over 340 million OnlyFans users, according to a threat actor who has been advertising the compromised data on a prominent cybercrime forum.
Compromised Information Includes:
- Personally Identifiable Information
- Account Activity Metrics
- Linked Social Profiles
- Payment-Related Details
The seller, operating under the alias “Euphoric_Reply_5727,” posted the listing on the forum, offering the database for 0.313 BTC, approximately $76,000 at the time of writing. The seller claimed the database was compiled from internal OnlyFans data, including information gathered from previous breaches and public sources.
Upon reviewing sample records provided by the seller, it became apparent that the data was organized in a flat text format, containing fields such as usernames, addresses, phone numbers, join dates, follower counts, likes, uploaded content statistics, and linked social profiles. However, upon closer inspection, some entries contained placeholder values and publicly visible profile metrics, suggesting that the formatting differed significantly from how modern consumer platforms typically store production database records internally.
Risks and Concerns:
- Potential exposure of users’ real-world identities
- Correlating usernames, emails, phone numbers, and social media accounts
In this instance, the compromised data poses a risk to both creators and consumers on the OnlyFans platform. At the time of writing, the compromised data remained available for purchase. OnlyFans has not commented on the matter.
