OnlyFans User Data Allegedly Compiled from Old Breaches, Offered for Sale
A hacker operating under the alias Euphoric_Reply_5727 is advertising a claimed 340 million-record OnlyFans database on a cybercrime forum for 0.313 BTC (approximately $76,000). The dataset reportedly includes usernames, real names, email addresses, phone numbers, join dates, follower counts, linked social profiles, and partial payment card details raising concerns about the exposure of users’ real identities.
However, investigations by Hackread and Cybernews suggest the data may not be the result of a direct breach. The seller later admitted to compiling the information from existing leaks and public sources, cross-referencing OnlyFans profiles with data from platforms like X (formerly Twitter), Instagram, and Spotify. While some records matched public profiles, the sample provided just 10 entries contained inconsistencies, including blank fields and unverified details.
Despite the questionable origins, the compilation poses risks. Even if the data is recycled, exposed emails and linked accounts could enable phishing, doxxing, or targeted harassment. The incident underscores the broader threat of identity linkage, where seemingly harmless usernames can be traced back to real-world identities, potentially leading to extortion or account takeovers without requiring a password leak.
Source: https://www.techrepublic.com/article/news-onlyfans-340m-database-sale/
OnlyFans TPRM report: https://www.rankiteo.com/company/onlyfans
"id": "onl1779791617",
"linkid": "onlyfans",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '340 million records claimed',
'industry': 'Adult Content Subscription',
'name': 'OnlyFans',
'type': 'Company'}],
'attack_vector': 'Compilation from existing leaks and public sources',
'data_breach': {'number_of_records_exposed': '340 million claimed',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Usernames',
'Real names',
'Email addresses',
'Phone numbers',
'Join dates',
'Follower counts',
'Linked social profiles',
'Partial payment card details']},
'description': 'A hacker operating under the alias *Euphoric_Reply_5727* is '
'advertising a claimed 340 million-record OnlyFans database on '
'a cybercrime forum for 0.313 BTC (approximately $76,000). The '
'dataset reportedly includes usernames, real names, email '
'addresses, phone numbers, join dates, follower counts, linked '
'social profiles, and partial payment card details. '
'Investigations suggest the data may be compiled from existing '
'leaks and public sources, not a direct breach. The '
'compilation poses risks of phishing, doxxing, or targeted '
'harassment due to exposed emails and linked accounts.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of user identities',
'data_compromised': 'Usernames, real names, email addresses, phone '
'numbers, join dates, follower counts, linked '
'social profiles, partial payment card details',
'identity_theft_risk': 'High',
'payment_information_risk': 'Partial payment card details exposed'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
'investigation_status': 'Ongoing',
'lessons_learned': 'The incident underscores the broader threat of identity '
'linkage, where seemingly harmless usernames can be traced '
'back to real-world identities, potentially leading to '
'extortion or account takeovers without requiring a '
'password leak.',
'motivation': 'Financial gain',
'post_incident_analysis': {'root_causes': 'Compilation of data from existing '
'leaks and public sources'},
'ransomware': {'ransom_demanded': '0.313 BTC (~$76,000)'},
'references': [{'source': 'Hackread'}, {'source': 'Cybernews'}],
'threat_actor': 'Euphoric_Reply_5727',
'title': 'OnlyFans User Data Allegedly Compiled from Old Breaches, Offered '
'for Sale',
'type': 'Data Compilation'}