OnlyFans is a social media platform based in London, England, popular for sex workers, porn performers, models, influencers and other online celebrities to earn money by posting their private pictures and videos to fans that pay for the access.
And here, someone managed to steal and then leaked terabytes worth of OnlyFans' exclusive data, including PPV (pay-per-view) specials, pornographic and adult videos and photos.
According to one of the first that noticed the dump, Scottish journalist Vonny LeClerc, said that she discovered links on the internet that point to a Mega cloud storage that leaks files.
She said that the leak was disorganized, with the content divided into several different folders. And it seems that the hackers have been accessing them individually, and then later putting the collective findings into collections for distribution, she concluded.
This is why the size fluctuated from time to time, from 1.5 to 4 terabytes, as files were added or deleted.
In total, the leak has an equivalent of around 3 million photos, or 750 hours worth of HD videos.
The breach represents the biggest file leak in the site's history.
With links to the massive directory were widely circulated on social media like Instagram and Twitter, as well as online forums like Reddit, OnlyFans' performers were concerned.
Because performers are allowed to monetize their content, the breach means that the content creators may no longer profit from their work. And worse, it doesn't seem like there is anything they can do about it.
"This is paid for private content that we own," OnlyFans performer Jewels Jade said. "This is illegal and a violation of our rights."
Osa Lovely, another performer on OnlyFans, said that leaks are common on adult platforms. And OnlyFans is no exception. The people who are affected the most, are the creators themselves, she implied. The loss of control over monetized content has the most obvious ramifications.
When Motherboard stepped in, it reported that it hasn't seen any evidence that users or models' personal information were actually exposed.
Instead, it suggested that the content being shared in the links are mostly images and videos of the models made during public or private shows, or custom-made clips.
What Motherboard is trying to say is that, rather than a "real" data breach, the case is more like what happens to sex workers every day on the internet: someone has stolen their content and re-shared it for free to the web, spreading it around online through both social platforms and forums devoted to ripping the performers' paid content.
In other words, the leak might not be a hack after all, but a result of OnlyFans paying members who acquired the photos and videos individually, and then shared them with others.
The photos and videos were then compiled into one large file for free.
While this may mean that OnlyFans hasn’t been breached, it shows that the platform’s distribution model has some enormous security holes. Since users can take photos and videos from the site, it’s easy for them to be uploaded and re-shared elsewhere later on the web, depriving the platform’s users of revenue.
Nevertheless, while it may not be considered technically as a breach or hack, or even a "leak," the case is still highly disconcerting, and potentially dangerous for the models involved.
Not only that the performers are deprived from their income, this kind of incident also left them violated and vulnerable.
While performers and models sensitive information or real name may not be exposed, reports suggested that some of the more explicit videos have names of the performers attached to them. What this means, anyone who gets their hands on the videos can potentially harass the performers on the web.
An early example was seen when internet trolls were victim-blaming affected OnlyFans' performers. They argue that the creators should not post explicit content if they are worried about them being shared.
And when using reverse people search, social media crawling, search engines and others like scraping tools and image recognition, fans can seek more of those performers' information, opening chances for harassment beyond the web to real-life.
According to Buzzfeed News which was able to directly access the files, OnlyFans' performers whose contents were stolen, include Instagram models, TikTok personalities and also porn stars.
There are also rumors circulating on the web that said the files contain child sex abuse imagery, malware, or both.
This can be true, as the original file has been re-shared multiple times by different internet users. What this means, some files that were present on the original leak may have been removed, or replaced.
We have investigated claims of a site wide hack and found no evidence of any breach of our systems. The content contained in the supposed “leak” seems to be curated from multiple sources, including other social media applications.
— Steve Pym (@TheRealStevePym) February 27, 2020
Addressing the issue, OnlyFans claims that it wasn't hacked. Steve Pym, the company's head of marketing, said that:
The company has assembled a team to investigate the copyright violation claims and piracy, and encourages users who feel that their content has been improperly used to contact it directly through email or its help center.
“OnlyFans takes content piracy very seriously and has a designated DMCA team that issue formal takedown notices against all reported copyright violations. This service is provided free to all of our creators,” a spokesperson said.
LeClerc has also done her part, by interacting with Troy Hunt on Twitter. Hunt said that he will notify affected users via his HaveIBeenPwned service.
"Lots of people who use [OnlyFans] rely on this as a revenue stream," LeClerc told BuzzFeed.
"Younger people, trans and nonbinary people, disabled people, people who may not have the easiest access to traditional employment. It gives anyone a means of making paywall-protected adult content. But clearly, it offers zero protection for creators, whose content can be bought and then freely distributed onwards."
To the guys offering a link to the OnlyFans leak – you are absolute ghouls.
— Vonny LeClerc (@vonny_bravo) February 27, 2020
Have the image dump, it's real I'm afraid. Not everything, but there are names attached to very intimate videos.
— Vonny LeClerc (@vonny_bravo) February 27, 2020
OnlyFans is one of a shrinking number of platforms through which sex workers can earn their main source of income.
As far as the legitimacy of the data is concerned, buyers of the data have been giving positive reviews to the sellers/uploaders.
Previously, PayPal ditched Pornhub, making it difficult for Pornhub’s Models program to get paid.