OnlyFans Mega Leak Claims Raise Privacy Concerns

Hackers claim they are selling a massive dataset allegedly tied to OnlyFans creators and subscribers, raising serious concerns about privacy, phishing, and identity exposure.

Posts published on a cybercrime forum claim the alleged OnlyFans mega leak contains roughly 340 million records connected to user accounts. The dataset reportedly includes usernames, email addresses, account statistics, and linked social media profiles.

If authentic, the leak could expose highly sensitive information tied to users who depend on anonymity while using the platform.

Researchers also warned that even partially verified datasets may still create major cybersecurity and reputational risks.

Hackers Advertised Millions of Alleged Records

The alleged OnlyFans mega leak appeared on a well-known underground forum frequently used to sell stolen databases and compromised account information.

According to the claims, the dataset includes information connected to both creators and subscribers, including:

• Email addresses
• Usernames
• Account metrics
• Registration details
• Like counts
• Linked social profiles

The threat actors reportedly claimed the dataset combined information gathered from previous leaks, publicly accessible data, and unrelated breached databases.

At this stage, researchers have not independently verified the authenticity of the full dataset.

Cybersecurity experts noted that cybercriminals often exaggerate breach claims or recycle older information to increase interest from buyers on underground forums. However, researchers stressed that recycled data can still create real security risks.

Privacy and Blackmail Risks Could Be Significant

Researchers warned that the biggest threat may involve privacy exposure rather than direct financial fraud.

Many creators and subscribers use OnlyFans anonymously to separate platform activity from their personal or professional lives. Exposed account information could potentially reveal identities, social connections, or online activity patterns.

Security experts also warned that attackers may use leaked email addresses and profile data for phishing campaigns, impersonation attempts, harassment, or blackmail operations.

Researchers explained that criminals frequently cross-reference leaked information with older breach databases to build more detailed victim profiles.

That process may increase the risk of targeted scams and credential attacks against affected users.

Massive Leak Claims Continue Flooding Cybercrime Forums

The alleged OnlyFans mega leak reflects a broader trend involving enormous breach collections advertised across underground marketplaces.

Researchers explained that many cybercriminals now aggregate information gathered from malware logs, older breaches, scraping operations, and public sources into massive searchable databases.

Even when parts of those datasets contain outdated information, attackers can still use the records for phishing campaigns, account takeover attempts, and social engineering attacks.

Cybersecurity experts also warned that many users continue reusing passwords across multiple platforms, increasing the danger tied to exposed account information.

The growing popularity of subscription platforms and creator-based services also makes them increasingly attractive targets for cybercriminals seeking sensitive user data.

Conclusion

The alleged OnlyFans mega leak highlights the growing privacy and cybersecurity risks tied to large-scale data aggregation and underground breach marketplaces. Although researchers have not fully verified the claims, the reported dataset could still expose sensitive account information connected to millions of users.

The incident also shows how platforms tied to personal content and online identity remain high-value targets for cybercriminals seeking data that can support phishing, harassment, and blackmail campaigns.