A cyber threat actor advertised a purported database of 340 million OnlyFans-linked user records on a well-known cybercrime forum, asking for 0.313 BTC, or roughly $76,000, as stated by U.K.-based cybersecurity news site HackRead.
The story changed after Hackread.com contacted the threat actor directly on Telegram. In private messages, the seller clarified they did not hack or breach OnlyFans. Instead, they argued the database was built using information collected from previous data leaks and public sources, including breached records from platforms such as Twitter, Instagram, and Spotify.
“We didn’t breach or hack OnlyFans,” the seller noted in a message shared with Hackread.com.
The timing of the alleged OnlyFans “hack” narrative is notable. The panic cyber campaign comes just weeks after the Financial Times reported that the platform, widely used by sex workers, is selling a minority stake to San Francisco-based Architect Capital.
The alleged “340 million OnlyFans user mega leak” narrative ran rampant on X this past holiday weekend, garnering millions of views from several accounts, which were described as nothing more than an engagement trap.
But that didn’t stop some X users from pushing the “OnlyFans is hacked” narrative.
From an information operations view, this creates a window for threat actors to exploit and leverage privacy fears to drive users to malware-laced leak-checker tools under the guise of helping them verify exposure.
