
Threat actor advertises 340M OnlyFans profiles for $76K - dataset built from correlating old breaches and public data, not direct hack

A threat actor going by Euphoric_Reply_5727 is selling a database advertised as 340 million OnlyFans user records on a cybercrime forum for 0.313 BTC (around $76,000). In private messages, the seller admitted to HackRead that they did not breach OnlyFans directly - the dataset was assembled by correlating old data-breach corpora with publicly visible OnlyFans profile information. Sample records include usernames, email, phone, join date, follower counts, linked social profiles, and a 'card' field claimed to be payment-card-last-4. The privacy risk is real even without a fresh breach: the correlated dataset enables targeted phishing, stalking, impersonation, and blackmail of OnlyFans users.

Check
Set domain monitoring alerts for your @company.com email addresses appearing in OnlyFans-themed correlated leak datasets. Warn high-profile employees about targeted impersonation phishing.
Affected
Active OnlyFans users whose accounts are publicly visible. The correlation dataset enables targeted phishing, sextortion, stalking, and impersonation even though no fresh breach occurred.
Fix
If you operate identity-verification flows: assume OnlyFans-correlated identity data is on the criminal market. Strengthen account-recovery flows that rely on email + phone-number proof. Treat that data as already leaked.
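
One way to implement the "Check" item, as an added example that is not from the original article: a matcher that flags records under a monitored corporate domain while rejecting lookalike domains. The CSV layout, the sample rows, the `MONITORED_DOMAINS` set and the function names are assumptions; the input is taken to be records supplied by a breach-monitoring feed.

```python
import csv
import io

# Constructed sample in the shape the article describes (not real data).
SAMPLE = """username,email,phone,join_date,followers,card
user_a,Alice.Smith@Company.com,+15550100,2021-03-02,12,4242
user_b,bob@mail.company.com,,2020-11-19,3,
user_c,carol@notcompany.com,+15550101,2022-01-05,40,1111
user_d,dave+promo@company.com,+15550102,2019-07-30,7,
user_e,erin@company.com.example.net,,2023-02-14,0,
user_f,not-an-email,,2023-02-14,0,
"""

MONITORED_DOMAINS = {"company.com"}  # assumption: your corporate domains


def normalize_email(raw):
    """Return (local, domain) lowercased with any +tag removed, or None."""
    addr = raw.strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or "." not in domain:
        return None
    return local.split("+", 1)[0], domain.rstrip(".")


def is_monitored(domain, monitored):
    """Exact match or true subdomain; rejects lookalike suffixes."""
    return any(domain == d or domain.endswith("." + d) for d in monitored)


def find_corporate_exposures(csv_text, monitored=MONITORED_DOMAINS):
    """Return one alert per record whose email is under a monitored domain."""
    alerts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        parsed = normalize_email(row.get("email") or "")
        if parsed is None or not is_monitored(parsed[1], monitored):
            continue
        # Record which correlated fields are present, not their values.
        exposed = sorted(k for k in ("phone", "card") if (row.get(k) or "").strip())
        alerts.append({"email": "@".join(parsed), "exposed_fields": exposed})
    return alerts


if __name__ == "__main__":
    for alert in find_corporate_exposures(SAMPLE):
        print(alert)
```

The `exposed_fields` list shows which accounts have a phone number in the correlated data, which is the group whose email + phone recovery proof should be treated as compromised first.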