09.06.2025
20 min
1255
Information regarding the alleged leak initially surfaced on a prominent data breach forum. On the forum, hackers claimed they were selling a substantial database containing approximately 340 million OnlyFans user records. Based upon the forum post, the data set allegedly comprises information associated with both creators of content and fans on the platform.
Based upon the attacker’s claims, the database allegedly includes:
Usernames that may possibly link to real identities across other social media platforms and/or services online;
Account join dates which show when users joined and how long they have utilized the platform;
Emails that can be targeted by attackers via phishing emails, spam campaigns, or to track individuals across various online accounts;
Follower statistics which may demonstrate how successful creators or fan accounts are;
Like counts demonstrating user interaction and activity level on a given account;
Image totals that may illustrate how frequently creators upload images;
Video totals that illustrate total utilization of an account along with frequency of posts made by users on the platform;
Statistics associated with livestreaming most likely related to streaming activity on the platform;
Partial payment card information that can possibly aid in profiling prospective victims;
Linked or connected profiles that can assist in associating Onlyfans accounts with other online identity(ies).
Within the sales post describing the alleged leak, those responsible for leaking the data referred to the database as:
“This listing offers unique access to an alleged OnlyFans internal database comprised of approximately 350 Million user records. The dataset encompasses fan and creator accounts alike and exposes a wide array of private information along with detailed metrics regarding user account activity.”
With over 380 Million users and over 4.5 Million creators, Onlyfans is one of the largest subscription based content platforms within the world. As many utilize Onlyfans under conditions of complete anonymity, claims of a leak of this magnitude immediately led to fears concerning possible de-anonymization of actual identities.
However, Onlyfans denies the claims stating that it had not been breached. In response to the allegations Onlyfans released a short statement from a company representative:
“Actually, these claims are false.”
Researchers that reviewed samples of data posted by sellers reported there was insufficient proof supporting the existence of such a leak. According to their review, the sample provided ten records that consisted of usernames, User ID(s), Email Address(es) and Registration Details. Multiple fields including phone number(s), Linked Account(s) & Internal Account Flag(s) were reportedly blank.
Additionally, Researchers indicated that much of the information found in the exposed data appears to have originated from August 2025. This may imply that the Database is not merely a product of recent hacking activities, but instead a compilation of Data generated from previous hacks, Exposed Records and Publicly Available Data compiled over time.
Sellers did not reportedly claim to have breached Onlyfans directly. Rather, they allege they have compiled the Database utilizing information extracted from prior breaches, Open Sources and other Leaked Datasets circulating online.
Regardless of whether or not the information itself is dated, Cybersecurity Experts continue to caution against such databases due to potential dangers posed to users. For instance, if Attackers can locate an individual’s email address across multiple breaches, they can Cross Reference those breaches and Identify People mapping Online Activity and subsequently Launch Phishing Attacks Blackmail Attempts Harassment Campaigns or Other Forms of Abuse.
Similarly, Cybersecurity experts warn that even a single Exposed Email Address can serve as Starting Point for Gathering Additional Personal Data from Compromised Services and Leaked Databases.
For now, no official confirmation has occurred relating to alleged leak. However, Concern among Millions of Only Fans Users Worldwide Regarding Potential De-Anonymous Risks Have Already Began Due to Claims
