More than 1.6TB worth of videos and images from OnlyFans has been leaked online. The data dump appears to be primarily comprised of women’s accounts, specifically those who use the site to share pornographic images.
OnlyFans claims it’s not due to a hack, though. Steve Pym, OnlyFans’ marketing chief, said on Twitter that the company has “found no evidence of any breach of our systems” and that the leaked files appear to “be curated from multiple sources, including other social media applications.” The statement was first reported by Motherboard.
OnlyFans may not have been hacked, but its content evidently isn’t secure
OnlyFans allows influencers, models, public figures, and more to share content via a premium pay model. For many sex workers, it’s a way to control and share their content behind a seemingly reliable paywall. It’s all the more important following the passage of FOSTA, a federal bill that led to the shutdown of many online platforms they used to be able to work on.
The leak contains photos and videos from hundreds of people, generally attributed to specific OnlyFans’ usernames. News of the leak began to spread widely today via Twitter and was highlighted by journalist Vonny LeClerc.
Rather than a hack, the leak seems to be the result of OnlyFans customers acquiring the photos and videos individually, then sharing them with others and compiling them into a large file for free. These photos and videos normally have to be paid for and are meant to offer users another stream of income.
While this may mean that OnlyFans’ website hasn’t been breached, it shows that the platform’s distribution model evidently has some enormous security holes. Because photos and videos can be taken from the site, it’s easy for them to be reshared elsewhere later, depriving the platform’s users of revenue. All photo and video platforms face issues like this, but many take precautions. Netflix, for instance, blocks screenshots and recordings from being taken on some platforms.
OnlyFans mentions that videos can sometimes get reposted without permission in a brief section of an FAQ on its website. It simply says that performers should contact the company, and “we will assist you.”
After publication, OnlyFans told The Verge that it has a team dedicated to sending takedown notices on stolen content. “OnlyFans takes content piracy very seriously and has a designated DMCA team that issue formal takedown notices against all reported copyright violations. This service is provided free to all of our creators,” a spokesperson said. Creators whose content has been stolen can email firstname.lastname@example.org or report it through the site’s help center.
Update February 28th, 11:45AM ET: This story has been updated with a new comment from OnlyFans about content piracy.