HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

Hacker Markets 340M OnlyFans User Records Compiled from Prior Breaches

A threat actor is selling a 340 million‑record database that links historic breach credentials to OnlyFans accounts. The exposure raises significant third‑party risk for the platform, its creators, and subscribers, prompting urgent review of credential hygiene and vendor controls.

LiveThreat™ Intelligence · 📅 May 25, 2026· 📰 hackread.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
hackread.com

Hacker Markets 340M OnlyFans User Records Compiled from Prior Breaches

What Happened — A threat actor announced the sale of a database containing approximately 340 million records tied to OnlyFans accounts. The dataset was assembled by correlating credentials and personal information from multiple historic breaches with publicly available OnlyFans profiles. The seller is offering the compiled file on underground forums for a price per record.

Why It Matters for TPRM

  • Demonstrates how legacy breach data can be repurposed to target a specific SaaS platform, amplifying third‑party risk.
  • Highlights the potential for credential stuffing, extortion, and targeted phishing against both creators and subscribers.
  • Signals that vendors must assess the downstream impact of data they ingest from third‑party services and APIs.

Who Is Affected — Adult‑content platforms (OnlyFans), their content creators, subscriber base, and any downstream services that integrate with OnlyFans (payment processors, marketing tools).

Recommended Actions

  • Review OnlyFans’ credential‑security controls and enforce MFA for all accounts.
  • Validate that any third‑party integrations (payment gateways, analytics) have robust breach‑notification clauses.
  • Conduct user‑education campaigns on phishing and credential‑reuse risks.

Technical Notes — The data set appears to be a mash‑up of previously leaked credential dumps (e.g., 2021 LinkedIn, 2022 Adobe breaches) matched via email addresses and usernames to public OnlyFans profiles. No new vulnerability in OnlyFans was disclosed, but the attack vector is third‑party data aggregation leading to credential compromise and data exfiltration. Source: HackRead

📰 Original Source
https://hackread.com/hacker-selling-onlyfans-user-records-old-breaches/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

Data exposure is where consent and DSAR readiness get tested.

When personal data leaks, regulators ask what consent you held and how fast you can answer a subject request. The Verisq AI Trust Operations platform, with CookiePLUS, keeps that posture audit-ready under GDPR and CCPA.

Explore the Verisq AI Trust Operations platform →