Heimdal
article featured image

Contents:

Founded in 2016, OnlyFans is the social platform revolutionizing creator and fan connections. This site includes artists and content creators from all genres and allows them to monetize their content such as images, videos, and live streams while creating veritable relationships with their fanbase.

Beyonce name-dropped OnlyFans on the “Savage Remix” cementing its importance as a top social platform. Even if the platform is advertised as a way for famous people and social influencers to share their content, adult-themed content is also shared with fans who pay to access it.

In March, the BackChannel security firm’s researchers came across a post on a hacking forum where a member shared a Google Drive full of OnlyFans adult-themed content with other members on the forum.

Shared OnlyFans folder on forum

Source

It’s not unusual for people to share OnlyFans content they subscribe to, but what makes this leak distinct is the large number of creators whose private content has been shared at once.

BackChannel also believes it has been organized by more than one person.

This implies that multiple contributors likely added to the cache, or that the uploader sourced the content from multiple leaks. We do not assess that the poster on RaidForums is the original uploader of the Google Drive content.

Source

It is required for the folder to be downloaded to see its size, but Aaron DeVera, the BackChannel founder, said that at first Google Drive folder included folders for 279 OnlyFans creators, with one of the folders having over 10GB of videos and photos.

If we look at the dates of the files in the shared folder, nearly all of the content looks like it was uploaded last year, in October.

It is not uncommon for subscribers of OnlyFans creators to share files. OnlyFans has somewhat weak content controls around their content, and there are plenty of bots and scrapers a legitimate subscriber can use. What makes this unique is that so many users were bundled in one folder.

Source

According to DeVera, the only way to report the shared content and have it removed from Google Drive is to take each file separately and report it.

As we can see in the example below, the folder seems to be shared from the City College of San Francisco account, therefore Black Channel is trying to get in touch with them and ask them to take down the entire folder.

Shared folder

Source

Following the shared Google Drive incident, a researcher enabled all the content creators to see if they are part of the leak by creating the ‘OnlyFans Lookup Tool‘ web page. All they have to do to check if their content has been shared without permission is to insert their member name.

Source

If their content is detected in the leak after the creators entered their member names, the site will suggest that users visit LaBac’s website, which contains a DMCA contravention alert template that can be used to remove the content.

We don’t know yet how OnlyFans creators affected by the leak can more easily take down their content, but BleepingComputer has contacted Google to find out more about it.

We will keep you posted.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE