Another major scandal is unfolding around the OnlyFans platform. An advertisement offering a massive database for sale has appeared on a well-known cybercriminal forum, allegedly containing information on 340 million users of the service. The seller claims the archive includes almost everything: profile names, email addresses, phone numbers, account statistics, linked social media accounts, and even fragments of bank card data.
The asking price looked rather “modestly hacker-like” for such a massive dataset – 0.313 BTC, which at the time of publication was worth approximately $76,000. For comparison, if the database is genuine, it would represent one of the largest data leaks in the content-platform industry in recent years. Information about the sale was first analyzed in detail by Hackread.com. According to the listing published by a user under the nickname “Euphoric_Reply_5727,” the archive allegedly contains data from “internal OnlyFans databases.” The description mentioned:
usernames and account UIDs;
email addresses;
phone numbers;
subscriber and like counts;
registration dates;
uploaded content statistics;
account types;
linked social media profiles;
as well as a “card” field, which the seller described as the last four digits of a linked bank card.
However, the deeper journalists investigated the leak, the more questions arose regarding its origin.
After journalists contacted the seller via Telegram, the seller unexpectedly stated that there had been no direct breach of OnlyFans. According to him, the database had been assembled through aggregation of old leaks and publicly available data: “We did not hack OnlyFans. We used existing leaked databases and matched them with users of the platform.”
This detail significantly changes the perception of the entire story. If this is not about infiltrating the platform’s internal systems but rather so-called data aggregation, the situation appears less sensational, although still extremely unpleasant for users.
Journalists reviewed samples of the database and confirmed that some of the data did indeed correspond to real platform accounts. Certain UIDs and usernames matched publicly accessible OnlyFans profiles. However, the structure of the database appeared rather chaotic: there were empty fields, placeholder values such as “None,” and the storage format differed from the typical internal production databases used by large IT companies.
The issue of payment data remains especially controversial. Claims regarding bank card information have not yet been verified. Independent analysis could not determine whether the data was authentic, taken from older leaks involving other services, or simply added by the seller to increase the archive’s perceived value. At this point, there is no confirmation of a full-scale compromising breach.
As of publication, OnlyFans itself had not issued an official statement and had not confirmed the leak. This is also an important nuance: in the cybercrime world, such “mega leaks” are often a mixture of old databases, publicly available information, and marketing hype designed to attract buyers on underground forums.
Nevertheless, cybersecurity experts warn that even if this is not a full-fledged hack, such databases still pose a serious threat. A combination of email addresses, phone numbers, social media accounts, and account activity can be used for:
phishing;
identity impersonation;
password recovery attacks;
blackmail;
mass spam campaigns;
and targeted fraud schemes.
The situation is particularly sensitive for users of subscription-content platforms, where anonymity and confidentiality are often critically important.
In light of the news, users are advised to:
change their passwords;
enable two-factor authentication;
check whether the same password was used on other websites;
be cautious with emails and messages from unknown senders;
and carefully monitor their accounts for suspicious activity.
For now, the story of the “340 million user leak” remains more of a gray area between a real breach and a large-scale compilation of data from numerous older sources. But in the digital age, even such a “data assembly kit” can prove more dangerous than a direct hacking attack. The internet forgets nothing – especially when it can be packed into a ZIP archive and sold for Bitcoin.
All content provided on this website (https://wildinwest.com/) -including attachments, links, or referenced materials — is for informative and entertainment purposes only and should not be considered as financial advice. Third-party materials remain the property of their respective owners.