[BreachExchange] OnlyFans says it wasn’t hacked after hundreds of performers’ videos leak online

Destry Winant destry at riskbasedsecurity.com
Fri Feb 28 10:16:15 EST 2020


https://www.theverge.com/2020/2/27/21156445/onlyfans-leak-not-hacked-photos-videos

More than 1.6TB worth of videos and images from OnlyFans has been
leaked online. The data dump appears to be primarily comprised of
women’s accounts, specifically those who use the site to share
pornographic images.

OnlyFans claims it’s not due to a hack, though. Steve Pym, OnlyFans’
marketing chief, said on Twitter that the company has “found no
evidence of any breach of our systems” and that the leaked files
appear to “be curated from multiple sources, including other social
media applications.” The statement was first reported by Motherboard.
OnlyFans did not respond to The Verge’s request for comment.

ONLYFANS MAY NOT HAVE BEEN HACKED, BUT ITS CONTENT EVIDENTLY ISN’T SECURE

OnlyFans allows influencers, models, public figures, and more to share
content via a premium pay model. For many sex workers, it’s a way to
control and share their content behind a seemingly reliable paywall.
It’s all the more important following the passage of FOSTA, a federal
bill that led to the shutdown of many online platforms they used to be
able to work on.

The leak contains photos and videos from hundreds of people, generally
attributed to specific OnlyFans usernames. News of the leak began to
spread widely today via Twitter and was highlighted by journalist
Vonny LeClerc.

Rather than a hack, the leak seems to be the result of OnlyFans
customers acquiring the photos and videos individually, then sharing
them with others and compiling them into a large file for free. These
photos and videos normally have to be paid for and are meant to offer
users another stream of income.

While this may mean that OnlyFans’ website hasn’t been breached, it
shows that the platform’s distribution model evidently has some
enormous security holes. Because photos and videos can be taken from
the site, it’s easy for them to be reshared elsewhere later, depriving
the platform’s users of revenue. All photo and video platforms face
issues like this, but many take precautions. Netflix, for instance,
blocks screenshots and recordings from being taken on some platforms.

OnlyFans mentions that videos can sometimes get reposted without
permission in a brief section of an FAQ on its website. It simply says
that performers should contact the company, and “we will assist you.”

