OnlyFans is a social media platform based in London, England, popular for sex workers, porn performers, models and other online celebrities to earn money by posting their private pictures and videos to fans that pay for the access.
And here, someone has managed to steal and then leaked terabytes of content stolen from it.
The subscription site that is also popular among influencers, had many of its performers' videos and images that were hidden behind its paywall and copyright protected, uploaded to the internet for anyone to see.
According to one of the first that noticed the dump, Scottish journalist Vonny LeClerc, she said that she discovered links on the internet that point to a Mega cloud storage that leaks files.
She said that the leak is disorganized, with the content divided into several different folders. And it seems that the hackers have been accessing them individually, and then later putting the collective findings into collections for distribution, she concluded.
This is why the size functuated from time to time, from 1.5 and 4 terabytes, as new files are added and older ones get deleted or moved.
The breach represents the biggest file leak in the site's history.
With links to the massive directory were widely circulated on social media and online forums, OnlyFans users were concerned.
Because users of OnlyFans are allowed to monetize their content, the breach means that the content creators may no longer profit from their work. And worse, it doesn't seem like there is anything they can do about it.
"This is paid for private content that we own," OnlyFans user Jewels Jade said. "This is illegal and a violation of our rights."
What makes things go even worse, is because reports suggested that some of the more explicit videos have names of the performers attached to them. What this means, anyone who gets their hands on the videos can potentially harass the performers both on the web and the real-life.
There are also rumors circulating on the web that said the files contain malware, child sex abuse imagery, or both.
According to Buzzfeed News which was able to directly access the files, OnlyFans users whose content was stolen, include Instagram models, TikTok personalities and also porn stars.
We have investigated claims of a site wide hack and found no evidence of any breach of our systems. The content contained in the supposed “leak” seems to be curated from multiple sources, including other social media applications.
— Steve Pym (@TheRealStevePym) February 27, 2020
OnlyFans claims that it wasn't hacked, with Steve Pymm, the company's head of marketing, saying that:
The company has assembled a team to investigate the copyright violation claims and piracy, and encourages users who feel that their content has been improperly used to contact it directly.
LeClerc has also done her part, by interacting with Troy Hunt on Twitter. Hunt said that he will notify the affected users via his HaveIBeenPwned service.
"Lots of people who use [OnlyFans] rely on this as a revenue stream," LeClerc told BuzzFeed. "Younger people, trans and nonbinary people, disabled people, people who may not have the easiest access to traditional employment. It gives anyone a means of making paywall-protected adult content. But clearly, it offers zero protection for creators, whose content can be bought and then freely distributed onwards."
OnlyFans is one of a shrinking number of platforms through which sex workers can earn their income online. And this breach can affect them very badly.
Previously, PayPal ditched Pornhub, making it difficult for Pornhub’s Models program to get paid.