HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

Data Aggregator Sells 340 Million OnlyFans User Records Compiled from Prior Leaks

A cyber‑criminal is marketing a 340 million‑record database of OnlyFans users built by stitching together historic breach dumps and publicly‑available profile data. Although OnlyFans was not directly compromised, the dataset includes personal identifiers and partial payment‑card information, creating indirect exposure risks for vendors and partners.

LiveThreat™ Intelligence · 📅 May 26, 2026· 📰 securityaffairs.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
securityaffairs.com

Data Aggregator Sells 340 Million OnlyFans User Records Compiled from Prior Leaks

What Happened — A threat actor advertised a database claiming to contain 340 million records tied to OnlyFans users. The dataset was not obtained by breaching OnlyFans; instead it was assembled by correlating historic breach dumps and publicly‑available profile information.

Why It Matters for TPRM

  • Even without a direct compromise, third‑party data can be reconstructed and sold, exposing personal and payment details of a platform’s users.
  • The presence of payment‑card fragments (last four digits) raises PCI‑related liability concerns for any downstream services that process or store such data.
  • Vendors that host or integrate with user‑generated content platforms must assess the risk of indirect data exposure through third‑party leak aggregation.

Who Is Affected — Adult‑content platforms, subscription‑based content services, payment processors, and any downstream partners that rely on OnlyFans‑derived data.

Recommended Actions

  • Verify that your organization does not ingest or store any of the disclosed fields (email, phone, payment‑card fragments) from unverified sources.
  • Review contracts with content‑hosting vendors for clauses covering indirect data leakage and third‑party breach notification.
  • Conduct a data‑minimization audit to ensure only necessary personal data is retained, and enforce strong encryption for any payment‑related fields.

Technical Notes — The collection appears to be a flat text file containing usernames, email addresses, phone numbers, join dates, follower counts, likes, content metrics, linked social profiles, and a “card” field with the last four digits of a payment card. Sample records show placeholders and publicly‑visible information, indicating a stitched‑together dataset rather than a clean export from the platform’s internal database. Source: Security Affairs

📰 Original Source
https://securityaffairs.com/192643/cyber-crime/340-million-onlyfans-profiles-allegedly-rebuilt-from-leaks.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

Data exposure is where consent and DSAR readiness get tested.

When personal data leaks, regulators ask what consent you held and how fast you can answer a subject request. The Verisq AI Trust Operations platform, with CookiePLUS, keeps that posture audit-ready under GDPR and CCPA.

Explore the Verisq AI Trust Operations platform →