OnlyFans Data Leak Exposes 340 Million Records, Though Claims Remain Unverified
Hackers have posted on a data leak forum claiming to possess 340 million records allegedly sourced from OnlyFans, the subscription-based adult content platform with over 4.5 million creators and 380 million users. The leaked data reportedly includes usernames, email addresses, account activity metrics (such as follower counts, likes, and media uploads), payment card details, and linked profiles.
The threat actors deny breaching OnlyFans directly, instead asserting that the database was compiled from prior leaks, public sources, and other security incidents. Cybersecurity researchers at Cybernews analyzed a sample of the data and found it contained only a dozen records including user IDs, names, emails, and registration details dating back to August 2023. This suggests the information is outdated rather than the result of a new breach.
OnlyFans has denied any recent security compromise, stating that the claims are false. However, experts warn that even outdated exposed data could be weaponized for phishing attacks, with cybercriminals potentially cross-referencing emails with other breaches to build detailed profiles of affected individuals. The full scope and authenticity of the leak remain unverified.
OnlyFans cybersecurity rating report: https://www.rankiteo.com/company/onlyfans
"id": "ONL1779863122",
"linkid": "onlyfans",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Potentially 340 million records '
'(unverified)',
'industry': 'Adult Content/Subscription Platform',
'name': 'OnlyFans',
'size': '4.5 million creators, 380 million users',
'type': 'Company'}],
'attack_vector': 'Compilation from prior leaks, public sources, and other '
'security incidents',
'customer_advisories': 'Users should remain vigilant against phishing '
'attempts and unauthorized account access.',
'data_breach': {'number_of_records_exposed': '340 million (unverified)',
'personally_identifiable_information': 'Yes (names, emails, '
'user IDs, '
'registration details)',
'sensitivity_of_data': 'High (personally identifiable and '
'financial information)',
'type_of_data_compromised': ['Usernames',
'Email addresses',
'Account activity metrics',
'Payment card details',
'Linked profiles']},
'description': 'Hackers claimed to possess 340 million records allegedly '
'sourced from OnlyFans, including usernames, email addresses, '
'account activity metrics, payment card details, and linked '
'profiles. OnlyFans denied any recent security compromise, '
"stating the claims are false. The data's authenticity and "
'full scope remain unverified.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'unverified claims',
'data_compromised': 'Usernames, email addresses, account activity '
'metrics, payment card details, linked '
'profiles',
'identity_theft_risk': 'High (phishing attacks, cross-referencing '
'with other breaches)',
'payment_information_risk': 'High (payment card details exposed)'},
'investigation_status': 'Unverified',
'post_incident_analysis': {'root_causes': 'Alleged compilation from prior '
'leaks and public sources '
'(unverified)'},
'recommendations': 'Users should be cautious of phishing attacks and monitor '
'for suspicious activity due to potential '
'cross-referencing of exposed data with other breaches.',
'references': [{'source': 'Cybernews'}],
'response': {'communication_strategy': 'Public denial of recent security '
'compromise'},
'threat_actor': 'Unknown hackers',
'title': 'OnlyFans Data Leak Exposes 340 Million Records',
'type': 'Data Leak'}