Hacker Markets 340M OnlyFans User Records Compiled from Prior Breaches
What Happened — A threat actor announced the sale of a database containing approximately 340 million records tied to OnlyFans accounts. The dataset was assembled by correlating credentials and personal information from multiple historic breaches with publicly available OnlyFans profiles. The seller is offering the compiled file on underground forums for a price per record.
Why It Matters for TPRM —
- Demonstrates how legacy breach data can be repurposed to target a specific SaaS platform, amplifying third‑party risk.
- Highlights the potential for credential stuffing, extortion, and targeted phishing against both creators and subscribers.
- Signals that vendors must assess the downstream impact of data they ingest from third‑party services and APIs.
Who Is Affected — Adult‑content platforms (OnlyFans), their content creators, subscriber base, and any downstream services that integrate with OnlyFans (payment processors, marketing tools).
Recommended Actions —
- Review OnlyFans’ credential‑security controls and enforce MFA for all accounts.
- Validate that any third‑party integrations (payment gateways, analytics) have robust breach‑notification clauses.
- Conduct user‑education campaigns on phishing and credential‑reuse risks.
Technical Notes — The data set appears to be a mash‑up of previously leaked credential dumps (e.g., 2021 LinkedIn, 2022 Adobe breaches) matched via email addresses and usernames to public OnlyFans profiles. No new vulnerability in OnlyFans was disclosed, but the attack vector is third‑party data aggregation leading to credential compromise and data exfiltration. Source: HackRead