Hacker Selling 340 Million OnlyFans User Records Built From Old Breaches

Summary

A threat actor is selling a database claiming 340 million OnlyFans user records for approximately $76,000 in Bitcoin on a cybercrime forum. Upon investigation, the seller clarified the data was not from a direct OnlyFans breach but rather compiled by matching information from previous data leaks (Twitter, Instagram, Spotify) with public OnlyFans profiles. Sample data review confirmed some usernames matched real accounts, though payment card claims remain unverified and the formatting suggests aggregated rather than internal database records.

Full text

Data BreachesHacker Selling 340 Million OnlyFans User Records Built From Old Breaches A hacker is selling a 340M OnlyFans user database allegedly built by matching old breach data and public profiles to real OnlyFans accounts. byWaqasMay 25, 20263 minute read A threat actor is advertising what they describe as a massive database containing information linked to hundreds of millions of OnlyFans users, including creators and subscribers. However, conversations with the seller and a review of sample data suggest that the collection did not result from a direct breach or scraping of OnlyFans systems. The listing appeared earlier this week on a well-known cybercrime forum, where a user operating under the alias “Euphoric_Reply_5727” offered what they described as “340 Million User Records” linked to OnlyFans users. The seller priced the database at 0.313 BTC, roughly $76,000 at the time of writing. According to the forum post, the collection allegedly contains data pulled from “internal OnlyFans databases,” including personal information, account activity metrics, linked social profiles, and payment-related details. Threat Actor Denies Hacking OnlyFans The seller advertised the database as containing usernames, names, email addresses, phone numbers, follower counts, likes, uploaded content statistics, account types, and linked social media profiles. The claims initially gave the impression of a direct platform breach or scraping incident. However, the story changed after Hackread.com contacted the threat actor directly on Telegram. In private messages, the seller clarified they did not hack or breach OnlyFans. Instead, they claimed the database was built using information collected from previous data leaks and public sources, including breached records from platforms such as Twitter, Instagram, and Spotify. “We didn’t breach or hack OnlyFans,” the seller said in a message shared with Hackread.com. “We used existing breaches and leaks databases and matched with users of the OnlyFans platform.” Screenshot shared by the threat actor shows 35GB of data (Image credit: Hackread.com) Sample Data Offers More Context After speaking with the seller, Hackread.com reviewed sample records shared from the database. The data appears to be organized as a flat text-based collection containing fields such as usernames, email addresses, phone numbers, join dates, follower counts, likes, uploaded content statistics, linked social profiles, and account types. Some entries also included a field labelled “card,” which the seller claimed referred to the last four digits of a payment card linked to an account. A closer look at the samples revealed incomplete records, placeholder values such as “None,” and publicly visible profile metrics. The formatting also differed from how modern consumer platforms typically store production database records internally. Threat actor’s post (Image credit: Hackread.com) Hackread.com independently verified that several usernames and linked details in the sample data matched real OnlyFans accounts. For example, 10 UIDs listed in the shared records matched usernames linked to publicly accessible OnlyFans profiles. However, attempts to validate associated email addresses did not produce warnings indicating the emails were already registered on the platform, leaving further verification to OnlyFans itself. Payment Card Claims Remain Unverified One detail that remains unclear is the seller’s claim regarding payment card data. The listing described the “card” field as containing the last four digits of a payment card associated with an account. Hackread.com could not independently confirm whether that information is authentic, recycled from older leaks, or included to increase the perceived value of the dataset. Nevertheless, the collection still presents privacy and security concerns. Correlating usernames, emails, phone numbers, and social media accounts can expose creators and subscribers to phishing campaigns, blackmail attempts, stalking, impersonation, and targeted harassment. The incident also shows a growing underground trend where threat actors combine old breach data with publicly accessible information to build searchable identity databases. In many cases, the value comes less from stolen passwords and more from linking online personas to real-world identities. At the time of writing, the data was still available for sale. Hackread.com has reached out to OnlyFans for comment. Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts Cyber AttackCybersecuritydata breachInstagramOnlyFansPrivacySpotifytwitterWeb Scraping Leave a Reply Cancel reply View Comments (0) Related Posts Read More Data Breaches Leaks Security ShinyHunters Leak Rockstar Games Data, No Player Records Impacted ShinyHunters hackers leak 7.54 GB of Rockstar Games data from Snowflake analytics systems, confirming no player records or personal information were exposed. byWaqas Read More Security Data Breaches Leaks Data Vigilante Leaks 8 Million Employee Records from Amazon, HP and Others Aftermath of MOVEit vulnerability: Data vigilante ‘Nam3L3ss’ leaks nearly 8 million employee records from industry giants like Amazon,… byWaqas Read More Security Data Breaches Leaks Privacy Exposed Cloud Server Tracks 800,000 Volkswagen, Audi, and Skoda EVs SUMMARY A recent report from the German news outlet Spiegel has revealed a significant security breach impacting hundreds… byDeeba Ahmed Read More Data Breaches Leaks Security Everest Ransomware Leaks 1TB of Stolen ASUS Data On December 2, 2025, Hackread.com exclusively reported that the Everest ransomware group claimed to have stolen 1TB of… byWaqas

Indicators of Compromise

• malware — Euphoric_Reply_5727

Entities