Last updated: July 5, 2026 at 9:01 AM UTC
Tag: dark-web (2 articles)

Threat actor advertises 340M OnlyFans profiles for $76K - dataset built from correlating old breaches and public data, not direct hack

A threat actor going by Euphoric_Reply_5727 is selling a database advertised as 340 million OnlyFans user records on a cybercrime forum for 0.313 BTC (around $76,000). In private messages, the seller admitted to HackRead that they did not breach OnlyFans directly - the dataset was assembled by correlating old data-breach corpora with publicly visible OnlyFans profile information. Sample records include usernames, email, phone, join date, follower counts, linked social profiles, and a 'card' field claimed to be payment-card-last-4. The privacy risk is real even without a fresh breach: the correlated dataset enables targeted phishing, stalking, impersonation, and blackmail of OnlyFans users.

Check
Set domain monitoring alerts for your @company.com email addresses appearing in OnlyFans-themed correlated leak datasets. Warn high-profile employees about targeted impersonation phishing.
Affected
Active OnlyFans users whose accounts are publicly visible. The correlation dataset enables targeted phishing, sextortion, stalking, and impersonation even though no fresh breach occurred.
Fix
If you operate identity-verification flows: assume OnlyFans-correlated identity data is on the criminal market. Strengthen account-recovery flows that rely on email + phone-number proof. Treat that data as already leaked.

B1ack's Stash dark-web carding marketplace dumps 4.6 million credit-card records for free as 'punishment' for seller misconduct

B1ack's Stash, a dark-web carding marketplace operating since at least 2023, has released roughly 4.6 million stolen credit-card records as a free download. The market frames the dump as punishment for sellers caught reselling its data on rival platforms; SOCRadar says the marketplace also suspended about 8 million additional CVV2 records. The records include full PAN, CVV2, expiration date, billing address, full name, email, phone number, and IP address, which makes them directly usable for card-not-present fraud and account-opening fraud. This is the third free dump B1ack's Stash has used as a customer-acquisition tactic since its 2024 emergence.

Check
Run BIN lookups across the leaked card ranges (via SOCRadar or Recorded Future feeds your IR partner provides) for your issued cards. Increase card-not-present fraud monitoring for 30-60 days.
Affected
Roughly 4.6 million cardholders in the dump - mostly in the US, Canada, UK, Australia, and Puerto Rico, per historical B1ack's Stash regional distribution. Direct card-fraud risk for all holders.
Fix
For impacted issuers: pre-emptively reissue cards seen in the dump. For consumers: monitor card statements, enable transaction notifications, and freeze cards if anomalous transactions appear. Phishing risk is also elevated.