OnlyFans is a social media platform based in London, England, popular for sex workers, porn performers, models, influencers and other online celebrities to earn money by posting their private pictures and videos to fans that pay for the access.
And here, someone has managed to steal and then leaked terabytes worth of OnlyFans' exclusive data, including PPV (pay-per-view) specials, pornographic and adult videos and photos.
According to one of the first that noticed the dump, Scottish journalist Vonny LeClerc, she said that she discovered links on the internet that point to a Mega cloud storage that leaks files.
She said that the leak was disorganized, with the content divided into several different folders. And it seems that the hackers have been accessing them individually, and then later putting the collective findings into collections for distribution, she concluded.
This is why the size fluctuated from time to time, from 1.5 and 4 terabytes, as new files are added and older ones get deleted or moved.
The breach represents the biggest file leak in the site's history.
With links to the massive directory were widely circulated on social media and online forums, OnlyFans users were concerned.
Because users of OnlyFans are allowed to monetize their content, the breach means that the content creators may no longer profit from their work. And worse, it doesn't seem like there is anything they can do about it.
"This is paid for private content that we own," OnlyFans user Jewels Jade said. "This is illegal and a violation of our rights."
What makes things go even worse, reports suggested that some of the more explicit videos have names of the performers attached to them. What this means, anyone who gets their hands on the videos can potentially harass the performers both on the web and the real-life.
There are also rumors circulating on the web that said the files contain malware, child sex abuse imagery, or both.
Within 72 hours of the news, numerous websites and forums started to host the leaked data, with each link hosting up to 300GB of exclusive content, sorted by pseudonymous stage names.
According to Buzzfeed News which was able to directly access the files, OnlyFans users whose content was stolen, include Instagram models, TikTok personalities and also porn stars.
When Motherboard stepped in, it reported that it hasn't seen any evidence that users or models' personal information were actually exposed.
Instead, it suggested that the content being shared in the links are mostly images and videos of the models made during public or private shows, or custom-made clips.
What Motherboard is trying to say is that, rather than a "real" data breach, the case is more like what happens to sex workers every day on the internet: someone has stolen their content and re-shared it for free to the web, spreading it around online through both social platforms and forums devoted to ripping the performers' paid content.
Nevertheless, while it may not be considered technically as a breach or hack, or even a "leak," the case is still highly disconcerting, and potentially dangerous for the models involved.
As far as the legitimacy of the data is concerned, buyers of the data have been giving positive reviews to the sellers.
We have investigated claims of a site wide hack and found no evidence of any breach of our systems. The content contained in the supposed “leak” seems to be curated from multiple sources, including other social media applications.
— Steve Pym (@TheRealStevePym) February 27, 2020
OnlyFans claims that it wasn't hacked, with Steve Pym, the company's head of marketing, saying that:
The company has assembled a team to investigate the copyright violation claims and piracy, and encourages users who feel that their content has been improperly used to contact it directly.
LeClerc has also done her part, by interacting with Troy Hunt on Twitter. Hunt said that he will notify the affected users via his HaveIBeenPwned service.
"Lots of people who use [OnlyFans] rely on this as a revenue stream," LeClerc told BuzzFeed. "Younger people, trans and nonbinary people, disabled people, people who may not have the easiest access to traditional employment. It gives anyone a means of making paywall-protected adult content. But clearly, it offers zero protection for creators, whose content can be bought and then freely distributed onwards."
OnlyFans is one of a shrinking number of platforms through which sex workers can earn their income online. And this breach can affect them very badly.
Previously, PayPal ditched Pornhub, making it difficult for Pornhub’s Models program to get paid.