OnlyFans Hacked? Truth Behind the Viral 340 Million User Data Leak Claims — Should You Panic?
Claims of a massive OnlyFans data breach dismissed as misinformation, highlighting the dangers of fake leak narratives
A suspicious post recently surfaced on a well-known cybercrime forum, offering what was described as roughly 340 million user records allegedly originating from OnlyFans. The seller, using the handle Euphoric_Reply_5727, listed the dataset for around 0.313 BTC, equivalent to approximately $76,000 at the time.
According to the post, the listing allegedly included both fan and creator accounts. The data was said to contain personally identifiable information (PII), account activity metrics, linked social media profiles, and payment-related details. At first glance, the claims appeared credible — until further verification was carried out by Hackread.
OnlyFans is Hacked 🚨
— StarPlatinum (@StarPlatinum_) May 24, 2026
Apparently OnlyFans has been hacked and they're selling the complete database of 340 million users
including data of content creators and consumers.
The leaked data includes
- Usernames and profile names
- Email addresses
- Phone numbers
-… pic.twitter.com/gsNn4UpWD9
Following conversations conducted via Telegram, it emerged that the information contained in the database was not the result of a direct breach of OnlyFans. Instead, the dataset was described as a compilation built from previous data leaks and publicly accessible information sourced from social media platforms such as Twitter, Instagram, and Spotify.
'We didn't breach or hack OnlyFans,' the threat actor reportedly told Hackread. 'We used existing breaches and leak databases and matched them with users of the OnlyFans platform.'
Sample Data Inconsistent, Structure Raises Red Flags
In an effort to examine the claims more closely, Hackread reviewed sample data provided by the seller. The dataset appeared to be a flat, text-based collection containing fields such as usernames, email addresses, phone numbers, join dates, follower counts, likes, uploaded content statistics, linked social profiles, and account types.
One field was labelled "card", which the threat actor claimed contained the last four digits of a payment card associated with a user account. However, this claim could not be independently verified. It remains possible that the information was recycled from older leaks or included purely to increase the dataset's perceived value among potential buyers.
Beyond this, several entries contained empty or placeholder values marked as "None". The associated email addresses also raised questions. While attempts were made to assess their validity, checks did not conclusively confirm whether the emails were registered with OnlyFans. Further verification proved inconclusive, leaving uncertainty over how reliably the data can be linked to active accounts.
Mega Leak Claims Dismissed as Misinformation
In addition to technical inconsistencies, some commentators have urged the public not to fall for what they describe as an engagement-driven hoax. An X user known as Tatthang, described as an independent content creator who has contributed to Forbes, stated publicly that OnlyFans had not been hacked.
'It is 100% fake news. But the way they manufactured this hoax is a masterclass in clickbait,' he wrote on X.
OnlyFans did not get hacked. The timeline just fell for another engagement trap.
— Tat Thang (@tatthang) May 25, 2026
Over the last 24 hours, viral accounts have been farming millions of views claiming a "mega leak" is selling a database of 340 million OnlyFans users.
It is 100% fake news. But the way they… pic.twitter.com/eXLrCAKICd
He also analysed screenshots and field names associated with the alleged dataset, pointing out technical inconsistencies. According to his assessment, several fields — such as streams_count and likes_count — resemble frontend API attributes rather than backend database columns, making it unlikely they originated from a genuine internal server breach.
He further questioned the seller's claim of possessing 340 million records, stating that the figure appeared to have been lifted from marketing material belonging to a third-party company. According to his findings, the number likely originated from an old, publicly available list compiled by an influencer outreach firm, Influencers.club, which was subsequently rebranded as evidence of an OnlyFans server breach.
'Don't Click' — The Real Risk Behind the Hoax
While analysing screenshots or forum claims may appear harmless, Tatthang warned that the real danger lies elsewhere. According to him, threat actors often use fake breach narratives to pressure users into downloading so-called "leak checker" tools.
'The most dangerous part is the real trap,' he warned. 'The hackers spreading these fake leaks are trying to panic you into downloading "leak checkers". The moment you run those tools, they install infostealer malware — such as Lumma Stealer — designed to steal your real passwords.'
With the inconsistencies now publicly highlighted and explained, users are urged to remain cautious. Acquiring or interacting with databases linked to illegal activity carries inherent risks, and those who are not careful may find themselves exposed to malware infections, data theft, or other serious security consequences.
© Copyright IBTimes 2025. All rights reserved.
- Recommended For You
