Hackread has auditioned the sale of 340 million onlyFans.
On the underground forum, they sell a base that is issued for 340 million records of users of OnlyFans. The first description sounds like a large hacking of the platform, but checking the source shows a more unpleasant and familiar scheme: old leaks from different services could be associated with real onlyFans profiles and turn into a catalog for deanonymization.
The publication appeared at the famous cybercriminal forum at the beginning of the week. The user under the pseudonym Euphoric_Reply_5727 offered the base 340 Million User Records, allegedly associated with the authors and subscribers of OnlyFans. The seller requested for an array of 0.313 BTC, about $76 000 at the time of publication of the material.
The announcement claimed that the data array was taken from the internal databases OnlyFans. The database allegedly contained user names, real names, email addresses, phone numbers, number of subscribers, likes, statistics of downloaded content, types of accounts, tied social networks and payment information.
After the appeal of the journalists, the seller changed the explanation. In the correspondence through Telegram, the source said that OnlyFans did not hack, but the database was collected from previous leaks and open data. According to the seller, records from leaked Twitter, Instagram*, Spotify and other services were compared with users of OnlyFans.
Journalists studied the samples of the base. The records looked like simple text unloading, and not as a fragment of the inside base OnlyFans: the lines listed the logins, email addresses, phones, registration dates, profile metrics, social links and account type. Some lines were featured as the card field, which the seller describes as the last four digits of the account-related payment card.
The test of the samples did not confirm the version of direct access to the internal infrastructure of OnlyFans. The records found incomplete fields, plugs like None and publicly visible profile metrics, and the format was different from the structure that modern consumer platforms are usually used in work bases.
Some of the data still coincided with real profiles. Journalists checked several user names and related information from the sample, and 10 UIDs from the provided entries coincided with publicly available onlyFans accounts. When trying to check the associated email addresses, the service did not show warnings about the registration of mailboxes on the platform, so only OnlyFans can conduct full verification.
The application for payment cards remains unconfirmed. The check did not allow to establish whether the last four digits of cards belong to real accounts, whether information from old leaks or added to increase the base price.
Even without confirmed hacking, the array poses a risk to privacy. The bundle of logins, phones, mail and profiles in social networks helps scammers to search for real people for pseudonyms, run phishing, blackmail authors and subscribers, impersonate account owners or organize point bullying.
The case shows an important shift in the stolen data market. Criminals no longer always need a fresh hack of a large platform: old leaks, open profiles and automatic mapping of records allow you to collect bases where the main value is not in passwords, but in connection between a digital person and a real person.
At the time of publication, the base remained on sale. The editors of the source sent a request to OnlyFans, but the comment of the platform is not given in the material.
On the underground forum, they sell a base that is issued for 340 million records of users of OnlyFans. The first description sounds like a large hacking of the platform, but checking the source shows a more unpleasant and familiar scheme: old leaks from different services could be associated with real onlyFans profiles and turn into a catalog for deanonymization.
The publication appeared at the famous cybercriminal forum at the beginning of the week. The user under the pseudonym Euphoric_Reply_5727 offered the base 340 Million User Records, allegedly associated with the authors and subscribers of OnlyFans. The seller requested for an array of 0.313 BTC, about $76 000 at the time of publication of the material.
The announcement claimed that the data array was taken from the internal databases OnlyFans. The database allegedly contained user names, real names, email addresses, phone numbers, number of subscribers, likes, statistics of downloaded content, types of accounts, tied social networks and payment information.
After the appeal of the journalists, the seller changed the explanation. In the correspondence through Telegram, the source said that OnlyFans did not hack, but the database was collected from previous leaks and open data. According to the seller, records from leaked Twitter, Instagram*, Spotify and other services were compared with users of OnlyFans.
Journalists studied the samples of the base. The records looked like simple text unloading, and not as a fragment of the inside base OnlyFans: the lines listed the logins, email addresses, phones, registration dates, profile metrics, social links and account type. Some lines were featured as the card field, which the seller describes as the last four digits of the account-related payment card.
The test of the samples did not confirm the version of direct access to the internal infrastructure of OnlyFans. The records found incomplete fields, plugs like None and publicly visible profile metrics, and the format was different from the structure that modern consumer platforms are usually used in work bases.
Some of the data still coincided with real profiles. Journalists checked several user names and related information from the sample, and 10 UIDs from the provided entries coincided with publicly available onlyFans accounts. When trying to check the associated email addresses, the service did not show warnings about the registration of mailboxes on the platform, so only OnlyFans can conduct full verification.
The application for payment cards remains unconfirmed. The check did not allow to establish whether the last four digits of cards belong to real accounts, whether information from old leaks or added to increase the base price.
Even without confirmed hacking, the array poses a risk to privacy. The bundle of logins, phones, mail and profiles in social networks helps scammers to search for real people for pseudonyms, run phishing, blackmail authors and subscribers, impersonate account owners or organize point bullying.
The case shows an important shift in the stolen data market. Criminals no longer always need a fresh hack of a large platform: old leaks, open profiles and automatic mapping of records allow you to collect bases where the main value is not in passwords, but in connection between a digital person and a real person.
At the time of publication, the base remained on sale. The editors of the source sent a request to OnlyFans, but the comment of the platform is not given in the material.
