- The dark web listing claims to be selling 340 million Onlyfans creator and user records, including PII and account activity metrics.
- Onlyfans denies the breach, and Cybernews' analysis suggests the data set is likely a compilation of past leaks and public sources rather than an internal dump.
- Even if they are not authentic, exposed emails and metadata could still enable phishing, profiling, spam, and harassment of creators and users.
A gigantic database, allegedly containing personally identifiable information (PII) of OnlyFans creators and users, is allegedly offered for sale on the dark web; However, the authenticity of the data is questioned and the way it was obtained does not suggest an actual breach of the company's servers.
security researchers cyber news reported seeing a new ad on a dark web forum, offering 340 million records pulled from internal Onlyfans databases:
“The listing provides exclusive access to a purported Onlyfans internal database dump containing approximately 350 million user records,” the post reads. “The data set spans created and fan accounts, exposing a wide range of personally identifiable information and detailed account activity metrics.”
“False reports”
The post further claims that the file contains people's usernames, join dates, email addresses, follower count, like count, image count, video count, stream count, payment card data information, and linked profiles.
Commenting on the news, a company spokesperson said cyber news “At their core, these reports are false.”
The publication's researchers also analyzed the sample posted on the dark web and said it was disappointing and they could not conclude whether the file is authentic or not.
“Based solely on the sample, we cannot confirm the true size of the data. However, the sample does indicate that people whose data is exposed could be phishing targets,” the team explained.
“However, the emails alone could serve as a sensitive reconnaissance point. Threat actors could use this information to cross-reference information from other adult content sites to profile exposed individuals.”
The hackers did not say that they had broken into Onlyfans, but instead collected the information from previous Onlyfans leaks, compared them with public sources, other data breaches, and various publicly available information.
cyber news hints that this could be true and concludes that even in this form, the file could be quite dangerous.
“If it is a compilation, the data could be used for reconnaissance and profiling. For example, attackers could investigate whether users' emails are repeated across multiple websites or whether additional sensitive information has been leaked. Additionally, exposed creators' contact information could also lead to targeted spam and harassment,” the report notes. cyber news concluded the team.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
