Threat actor advertises 340M OnlyFans profiles for $76K - dataset built from correlating old breaches and public data, not direct hack
A threat actor going by Euphoric_Reply_5727 is selling a database advertised as 340 million OnlyFans user records on a cybercrime forum for 0.313 BTC (around $76,000). In private messages, the seller admitted to HackRead that they did not breach OnlyFans directly - the dataset was assembled by correlating old data-breach corpora with publicly visible OnlyFans profile information. Sample records include usernames, email addresses, phone numbers, join dates, follower counts, linked social profiles, and a 'card' field claimed to hold the last four digits of a payment card. The privacy risk is real even without a fresh breach: the correlated dataset enables targeted phishing, stalking, impersonation, and blackmail of OnlyFans users.
- Check: Set domain-monitoring alerts for your @company.com email addresses appearing in OnlyFans-themed correlated leak datasets. Warn high-profile employees about targeted impersonation phishing.
- Affected: Active OnlyFans users whose accounts are publicly visible. The correlation dataset enables targeted phishing, sextortion, stalking, and impersonation even though no fresh breach occurred.
- Fix: If you operate identity-verification flows, assume OnlyFans-correlated identity data is on the criminal market and treat it as already leaked. Strengthen account-recovery flows that rely on email + phone-number proof.