A group of hackers claims to have 340 million records linked to OnlyFans, a platform with more than 4.5 million creators and nearly 380 million users. The alleged database would include follower and creator accounts, with personal information and activity metrics.
The main discrepancy lies in the origin of this data. While the attackers present the finding as a major information exposure, the technical analysis known so far indicates that it does not stem from a new vulnerability and that the material corresponds to August of last year.
The reviewed sample only included ten records with emails and names
The data that the attackers claim to have gathered would contain usernames, registration dates, email addresses, follower counts, interaction counters, and counts of images, videos, and live streams. They also mention payment card data and linked profiles.
However, the Cybernews research team reviewed the shared sample and found that only ten records with identifiers, names, and email addresses were attached. That same review concludes that the information does not come from a recent breach.
Those responsible for the leak deny having accessed the platform's internal systems. Their version is that the database was compiled from previous leaks, public sources, and other security breaches.
OnlyFans rejects the existence of a current security breach
The exposure of email addresses and other profile data can facilitate identity theft attacks. The risk increases when this information is cross-referenced with data obtained from other platforms to build more complete profiles of the affected users.
This cross-referencing of databases has already appeared in other cybersecurity incidents and is connected to phishing attacks and data leaks that amplify the impact of an initial exposure.
OnlyFans denies that an intrusion is underway. A spokesperson for the platform told Cybernews that, based on the available information, reports of this alleged breach are false.
"Based on the information available, these reports are false" - OnlyFans spokesperson
Cybernews also places the temporal origin of the data in August of last year, a detail that distances the hypothesis of new access to OnlyFans systems.