Hacker Selling 340 Million OnlyFans User Records Built From Old Breaches
🚨 Major Data Breach Alert! 🚨
A threat actor is advertising a massive database containing information linked to hundreds of millions of OnlyFans users, including both creators and subscribers. The listing appeared earlier this week on a well-known cybercrime forum, where a user operating under the alias Euphoric_Reply_5727 offered 340 million user records linked to OnlyFans users. The seller priced the database at 0.313 BTC, roughly $76,000 at the time of writing.
According to the forum post, the collection allegedly contains data pulled from internal OnlyFans databases, including personal information, account activity metrics, linked social profiles, and payment-related details. The seller advertised the database as containing usernames, names, email addresses, phone numbers, follower counts, likes, uploaded content statistics, account types, and linked social media profiles.
However, conversations with the seller and a review of sample data suggest that the collection did not result from a direct breach or scraping of OnlyFans systems. Hackread.com contacted the threat actor directly on Telegram, where the seller clarified they did not hack or breach OnlyFans. Instead, they claimed the database was built using information collected from previous data leaks and public sources, including breached records from platforms such as Twitter, Instagram, and Spotify.
“We didn’t breach or hack OnlyFans,” the seller said. “We used existing breaches and leaks databases and matched with users of the OnlyFans platform.”
After speaking with the seller, Hackread.com reviewed sample records shared from the database. The data appears to be organized as a flat text-based collection containing fields such as usernames, email addresses, phone numbers, join dates, follower counts, likes, uploaded content statistics, linked social profiles, and account types. Some entries also included a field labelled “card,” which the seller claimed referred to the last four digits of a payment card linked to an account.
Hackread.com independently verified that several usernames and linked details in the sample data matched real OnlyFans accounts. For example, 10 UIDs listed in the shared records matched usernames linked to publicly accessible OnlyFans profiles. However, attempts to validate associated email addresses did not produce warnings indicating the emails were already registered on the platform, leaving further verification to OnlyFans itself.
Nevertheless, the collection still presents privacy and security concerns. Correlating usernames, emails, phone numbers, and social media accounts can expose creators and subscribers to phishing campaigns, blackmail attempts, stalking, impersonation, and targeted harassment. The incident also shows a growing underground trend where threat actors combine old breach data with publicly accessible information to build searchable identity databases. In many cases, the value comes less from stolen passwords and more from linking online personas to real-world identities.
At the time of writing, the data was still available for sale. In a statement shared with Hackread.com, OnlyFans said the reports were “false” but did not elaborate on the data or the claims made by the threat actor.