A threat actor is advertising an alleged OnlyFans-linked database containing 340 million user records for 0.313 BTC, according to Hackread, which first reported the listing on May 25, 2026. The seller, using the alias “Euphoric_Reply_5727,” described the material as covering OnlyFans users, including creators and fans.
That framing matters because the story has already started drifting into a simpler but less-supported claim: that OnlyFans itself was hacked. A Binance Square post, for example, described the situation as “OnlyFans HACKED” and said the platform’s “complete database” was being sold.

The available evidence points to a murkier and more common cybercrime pattern. Hackread reported that the seller initially claimed the data came from internal OnlyFans databases, then later said in a Telegram exchange that they had not breached OnlyFans. The seller instead claimed the dataset was built by matching older leaked data and public profile information to OnlyFans accounts.
While this lowers the confidence level around a platform breach, it does not eliminate the risk. If old emails, phone numbers, usernames, social handles, follower counts, and public profile data can be joined together under an OnlyFans label, attackers can still use the result for phishing, blackmail, doxxing, impersonation, and credential-stuffing attempts.
Hackread said the sample data it reviewed included usernames, email addresses, phone numbers, join dates, account types, social links, follower counts, likes, uploaded-content counts, and a field labeled “card.” The seller reportedly claimed the card field referred to the last four digits of payment cards, but Hackread said it could not verify whether that payment-related data was real, recycled, or included to increase the listing’s value.
The sample also reportedly included incomplete fields and placeholder values, which weakens the case for treating the database as a verified internal platform dump. Hackread said some usernames in the sample matched public OnlyFans profiles, but it did not confirm that associated email addresses were registered with the platform.
An OnlyFans label makes a dataset more valuable than a generic credential list because, given the platform’s identity, its users face a higher cost of exposure. For creators, a targeted dataset can support impersonation, account takeover, harassment, or payment fraud attempts. For subscribers, even an unverified association with the platform can be used as leverage in extortion attempts.
For now, there is no public confirmation that OnlyFans suffered a new breach tied to the 340 million-record listing. The confirmed story is narrower but still material: a hacker is marketing a massive OnlyFans-branded dataset, the seller’s own explanation points toward old leaks and public matching, and the difference between a real breach and a reconstructed dossier may not matter much to victims targeted by the next phishing or extortion campaign.