A threat actor on a cybercrime forum is offering what they describe as a database of 340 million records connected to OnlyFans users and creators.
Hackread first reported the listing on May 25, 2026, tracing it to a cybercriminal using the alias “Euphoric_Reply_5727.” If that number holds up, the leak would sit among the largest consumer data exposures ever documented, considering that OnlyFans has between 4.5 to 5 million creators and close to 380 million users worldwide.
OnlyFans, for its part, says nothing happened. A company spokesperson told Cybernews, “According to the available information, these reports are false.”
What the Threat Actor Claims Is in the Data
The seller says the records include emails, phone numbers, full names and usernames, how long each account has existed, follower and content-upload counts, links to other social profiles, and a field marked “card” that supposedly holds the last four digits of a linked payment card. The asking price was set at roughly 0.313 bitcoin, around $20,500 at the time of writing.
The original post framed the data as pulled directly from OnlyFans’ own systems, language that pointed toward a breach of the company’s infrastructure rather than a recycled compilation.
However, that framing fell apart once reporters dug deeper. Reporters at Hackread later messaged the seller directly on Telegram to verify. “We didn’t breach or hack OnlyFans,” the seller admitted in a message shared with Hackread. “We used existing breaches and leaks databases and matched with users of the OnlyFans platform.” This meant the records were pieced together from older breach dumps tied to platforms like Twitter, Instagram, and Spotify, and then matched against details already public on OnlyFans accounts.
Repackaged Old Records
Researchers who examined sample records found details that back up that account. A number of records had nothing more than the word “None” filling in certain fields, and other entries just restated details a person could already find by visiting the public profile. Cybernews also flagged that sample records appeared to date back to around August 2025, suggesting the data had been sitting around for a while.
Although that doesn’t mean the whole thing is fake. Hackread also verified and checked some of the listed usernames against real accounts and some were genuine, active OnlyFans profiles, which suggests at least part of the collection is rooted in real data, even if the larger claim of a fresh breach does not hold up.
Why the Risk Doesn’t Disappear
Recycled data remains important and holds a certain level of risk. When email addresses surface in a leak, attackers can line them up against other breached datasets to build a fuller picture of a person, which is part of information that feeds directly into phishing attempts and cyber-harassment. For a platform built on a degree of anonymity, that kind of cross-referencing can cause real harm even when the underlying data is old.
For now, the 340 million figure remains an unverified claim from an anonymous threat actor. What is obvious is that old breach data, blended with information people already share publicly, can still be repackaged into something concrete.
