Hackers are claiming to sell a massive database allegedly containing roughly 340 million records tied to OnlyFans users, creators, and subscriber accounts. If verified, the leak could become one of the largest exposures connected to the platform to date.
The alleged dataset appeared on a well-known cybercrime forum where threat actors regularly advertise stolen databases and compromised credentials. According to the listing, the records supposedly include usernames, email addresses, join dates, follower statistics, account activity metrics, and linked social media profiles.
Attackers also claimed the database contains payment-related information and account metadata connected to both creators and subscribers. However, cybersecurity researchers caution that there is currently no confirmed evidence that OnlyFans itself suffered a new internal breach.
Several analysts reviewing the listing said the data may instead be a compiled collection built from older breaches, scraped public profiles, and previously leaked credentials rather than a direct compromise of OnlyFans infrastructure. One report stated the seller later admitted the dataset was assembled by correlating historic leaks and publicly available information with OnlyFans accounts.
Researchers who examined samples shared by the seller found only a limited number of records attached to the forum post. The sample reportedly included usernames, email addresses, profile IDs, and registration details, while some other fields appeared incomplete or empty.
Even without confirmation of a direct platform breach, experts warn the alleged dataset could still pose serious privacy and security risks. OnlyFans users often rely on anonymity, particularly creators and subscribers who do not publicly associate themselves with adult content platforms. Exposed emails and linked social profiles could potentially be used for phishing campaigns, extortion attempts, impersonation scams, harassment, or credential-stuffing attacks.
Threat actors frequently combine information from multiple historical leaks to build detailed identity profiles that become more valuable than individual breaches alone. Security analysts warn that aggregated datasets can enable cybercriminals to uncover real-world identities tied to pseudonymous online accounts.
OnlyFans has not publicly confirmed the authenticity of the alleged leak at the time of writing. The company also has not announced whether it is investigating the claims.
The platform previously faced security concerns after large collections of stolen creator content circulated online in earlier incidents. OnlyFans denied that prior leaks resulted from direct compromises of its systems, instead attributing many cases to credential theft, account sharing, and scraping activity.
Cybersecurity experts recommend that users associated with the platform change passwords immediately if they reused credentials across multiple services. Users are also advised to enable two-factor authentication, monitor accounts for suspicious activity, and remain cautious of phishing emails or extortion attempts referencing OnlyFans-related information.