Founded in 2016, OnlyFans is the social platform revolutionizing creator and fan connections. This site includes artists and content creators from all genres and allows them to monetize their content such as images, videos, and live streams while creating veritable relationships with their fanbase.
Beyonce name-dropped OnlyFans on the “Savage Remix” cementing its importance as a top social platform. Even if the platform is advertised as a way for famous people and social influencers to share their content, adult-themed content is also shared with fans who pay to access it.
In March, the BackChannel security firm’s researchers came across a post on a hacking forum where a member shared a Google Drive full of OnlyFans adult-themed content with other members on the forum.
It’s not unusual for people to share OnlyFans content they subscribe to, but what makes this leak distinct is the large number of creators whose private content has been shared at once.
BackChannel also believes it has been organized by more than one person.
This implies that multiple contributors likely added to the cache, or that the uploader sourced the content from multiple leaks. We do not assess that the poster on RaidForums is the original uploader of the Google Drive content.
It is required for the folder to be downloaded to see its size, but Aaron DeVera, the BackChannel founder, said that at first Google Drive folder included folders for 279 OnlyFans creators, with one of the folders having over 10GB of videos and photos.
If we look at the dates of the files in the shared folder, nearly all of the content looks like it was uploaded last year, in October.
It is not uncommon for subscribers of OnlyFans creators to share files. OnlyFans has somewhat weak content controls around their content, and there are plenty of bots and scrapers a legitimate subscriber can use. What makes this unique is that so many users were bundled in one folder.
According to DeVera, the only way to report the shared content and have it removed from Google Drive is to take each file separately and report it.
As we can see in the example below, the folder seems to be shared from the City College of San Francisco account, therefore Black Channel is trying to get in touch with them and ask them to take down the entire folder.
Following the shared Google Drive incident, a researcher enabled all the content creators to see if they are part of the leak by creating the ‘OnlyFans Lookup Tool‘ web page. All they have to do to check if their content has been shared without permission is to insert their member name.
If their content is detected in the leak after the creators entered their member names, the site will suggest that users visit LaBac’s website, which contains a DMCA contravention alert template that can be used to remove the content.
We don’t know yet how OnlyFans creators affected by the leak can more easily take down their content, but BleepingComputer has contacted Google to find out more about it.
We will keep you posted.