A threat actor is advertising what they describe as a massive database containing information linked to hundreds of millions of OnlyFans users, including creators and subscribers. However, conversations with the seller and a review of sample data suggest that the collection did not result from a direct breach or scraping of OnlyFans systems.
The listing appeared earlier this week on a well-known cybercrime forum, where a user operating under the alias “Euphoric_Reply_5727” offered what they described as “340 Million User Records” linked to OnlyFans users. The seller priced the database at 0.313 BTC, roughly $76,000 at the time of writing.
According to the forum post, the collection allegedly contains data pulled from “internal OnlyFans databases,” including personal information, account activity metrics, linked social profiles, and payment-related details.
The seller advertised the database as containing usernames, names, email addresses, phone numbers, follower counts, likes, uploaded content statistics, account types, and linked social media profiles. The claims initially gave the impression of a direct platform breach or scraping incident.
However, the story changed after Hackread.com contacted the threat actor directly on Telegram. In private messages, the seller clarified they did not hack or breach OnlyFans. Instead, they claimed the database was built using information collected from previous data leaks and public sources, including breached records from platforms such as Twitter, Instagram, and Spotify.
“We didn’t breach or hack OnlyFans,” the seller said in a message shared with Hackread.com. “We used existing breaches and leaks databases and matched with users of the OnlyFans platform.”
After speaking with the seller, Hackread.com reviewed sample records shared from the database. The data appears to be organized as a flat text-based collection containing fields such as usernames, email addresses, phone numbers, join dates, follower counts, likes, uploaded content statistics, linked social profiles, and account types.
Some entries also included a field labelled “card,” which the seller claimed referred to the last four digits of a payment card linked to an account.
A closer look at the samples revealed incomplete records, placeholder values such as “None,” and publicly visible profile metrics. The formatting also differed from how modern consumer platforms typically store production database records internally.
Hackread.com independently verified that several usernames and linked details in the sample data matched real OnlyFans accounts. For example, 10 UIDs listed in the shared records matched usernames linked to publicly accessible OnlyFans profiles.
However, attempts to validate associated email addresses did not produce warnings indicating the emails were already registered on the platform, leaving further verification to OnlyFans itself.
One detail that remains unclear is the seller’s claim regarding payment card data. The listing described the “card” field as containing the last four digits of a payment card associated with an account. Hackread.com could not independently confirm whether that information is authentic, recycled from older leaks, or included to increase the perceived value of the dataset.
Nevertheless, the collection still presents privacy and security concerns. Correlating usernames, emails, phone numbers, and social media accounts can expose creators and subscribers to phishing campaigns, blackmail attempts, stalking, impersonation, and targeted harassment.
The incident also shows a growing underground trend where threat actors combine old breach data with publicly accessible information to build searchable identity databases. In many cases, the value comes less from stolen passwords and more from linking online personas to real-world identities.
At the time of writing, the data was still available for sale. Hackread.com has reached out to OnlyFans for comment.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。