- Dark web listing claims to sell 340 million OnlyFans creator and user records, including PII and account activity metrics
- OnlyFans denies breach, and Cybernews analysis suggests the dataset is likely a compilation of previous leaks and public sources rather than an internal dump
- Although fake, exposed emails and metadata can still enable phishing, profiling, spamming and harassment of creators and users
A giant database allegedly containing personally identifiable information (PII) about OnlyFan’s creators and users is reportedly being offered for sale on the dark web – however, the authenticity of the data is being questioned and the manner in which it was obtained does not suggest an actual breach of the company’s servers.
Security researchers from Cyber news reported that they spotted a new ad on a dark web forum offering 340 million entries scraped from internal OnlyFans databases:
“The listing provides exclusive access to an alleged OnlyFan internal database dump containing approximately 350 million user records,” the post reads. “The dataset includes both fan and created accounts and reveals a wide range of personally identifiable information and detailed account activity metrics.”
“False Reports”
The post further claims that the archive contains people’s usernames, sign-up dates, email addresses, number of followers, like number, number of photos, number of videos, number of streams, information about payment card data and associated profiles.
A spokesperson for the company said in a comment to the news Cyber news “on background these reports are false”.
The publication’s researchers also analyzed the sample posted on the dark web and said it was underwhelming and they were unable to conclude whether the archive is authentic or not.
“Based on the sample alone, we cannot confirm the true size of the data. However, the sample indicates that individuals whose data is exposed may be targets of phishing,” the team explained.
“However, emails alone could serve as a sensitive point of reconnaissance. Threat actors could use this information to cross-reference information from other adult content sites to profile vulnerable individuals.”
The hackers did not say they broke into OnlyFans, but rather compiled the information from previous OnlyFans leaks, cross-referenced it with public sources, other data breaches and various publicly available information.
Cyber news suggests that this may be true, and concludes that even in this form the archive can be quite dangerous.
“If this is a compilation, the data can be used for reconnaissance and profiling. For example, attackers can investigate whether user emails are repeated across multiple sites or whether additional sensitive information has been leaked. Vulnerable creators’ contact information can also lead to spam and harassment directed at them,” Cyber news team completed.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
