Only Fans Breach Could Have Been Dangerous
I saw the recent coverage of the alleged Only Fans data breach and it got me thinking about the training I deliver and the warnings I give about the use of work email addresses. Think how the Only Fans breach could affect an organisation or business because of how its employees use their work emails.
The recent alleged disclosure that some 340m Only Fans user records had been obtained and were being offered for sale got me thinking from an OSINT, social engineering and cybersecurity perspective.
When I deliver my Exfiltrated Data / Hostile Threat Profiling / Digital & Online Exposure Risks training I often talk about how exfiltrated data can be used to social engineer, blackmail people or create cybersecurity risks.
The Only Fans data could present a particularly interesting issue for people affected and the organisations or businesses they work for.
According to reports, the alleged leak includes the following personal user information:
Usernames
Display Names
Join dates
Email addresses
Follower counts
Like counts
Picture counts
Video counts
Stream counts
Payment card data
Linked profiles
This creates potential attack vectors:
OSINT
Social Engineering
Blackmail
Consider the usernames people have chosen: are they inappropriate, or do they reveal sensitive personal interests? Interests like that are exactly what a blackmailer looks for.
In 2025 in the UK there were some big cybersecurity incidents.
The JLR breach of 2025 reportedly cost the UK economy £1.9bn and was described as the most economically damaging cyber event in UK history. We may never truly find out what happened, but it is suspected that it was not a sophisticated network intrusion or malware attack. By most accounts it was a social engineering attack via spear-phishing emails, potentially built on credentials from an earlier infostealer infection.
JLR was not the only company in that series of attacks. Harrods, Marks & Spencer and Co-op fell victim too.
Your passwords say so much about you; anyone who works in OSINT, social engineering or cyber-security knows what I mean. I cover this extensively in my training.
Employees will use their work email to sign up for services or platforms that are not suitable or in keeping with their responsibilities as an employee. This creates OSINT and social engineering opportunities, and cyber-security issues, for the company or organisation they work for.
On the balance of probabilities there will be other public or publicly available data on an employee, and on the company or organisation, that someone could aggregate with sensitive leaked data and use to social engineer or blackmail that employee. Imagine an employee signing up for Only Fans with their work email address and an inappropriate username or interests. A business or organisation suddenly has a vulnerable employee or, worse still, an insider threat.
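The first thing a security team does when a dump like this is reported is check it for its own email domains, because a work address in a leak is the pivot point described above. Below is an added example (not code from the original post) that triages a constructed, fake user export in the shape the reports describe: it filters records by an exact corporate domain match, separates shared mailboxes from personal ones, and flags usernames that contain part of the employee's real name or email local part, since those let an attacker tie the leaked account to the person with no further OSINT. The domain `acme.example`, the records and the shared-mailbox list are all assumptions made up for the example.

```python
"""Added example (not from the original post): triage a leaked user export for
accounts registered with a corporate email domain. All records below are
constructed sample data; no real breach records are used."""
import csv
import io
import re

# Constructed sample export: username, display name, join date, email.
SAMPLE_DUMP = """username,display_name,join_date,email
j.smith_acme,John Smith,2021-03-14,john.smith@acme.example
nightowl99,NightOwl,2020-11-02,n.owl@gmail.example
nightwatch_77,K,2022-07-19,karen.lee@acme.example
dave.r,Dave R,2019-05-30,dave.r@acme.example.co
ops_admin,Ops,2023-01-08,ops-admin@acme.example
"""

# Assumption: the organisation owns this domain (hypothetical).
CORPORATE_DOMAINS = {"acme.example"}

# Shared or generic mailboxes: a hit here exposes a system login, not a person.
SHARED_LOCALPARTS = {"admin", "ops-admin", "info", "support", "noreply"}


def domain_of(email):
    """Return the lowercased domain of an address, or None if it is malformed."""
    email = email.strip().lower()
    if email.count("@") != 1:
        return None
    local, domain = email.split("@")
    return domain if local and domain else None


def parse_dump(text):
    """Parse the CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def corporate_accounts(records, domains):
    """Records whose email domain exactly matches a corporate domain.
    Exact match matters: acme.example.co is a lookalike, not acme.example."""
    return [r for r in records if domain_of(r["email"]) in domains]


def username_leaks_identity(record):
    """True when the username carries a token (3+ chars) from the real name
    or the email local part, giving a trivial pivot from leak to person."""
    uname = record["username"].lower()
    local = record["email"].split("@")[0].lower()
    tokens = set(re.split(r"[._-]+", local))
    tokens |= {t.lower() for t in record["display_name"].split()}
    return any(len(t) > 2 and t in uname for t in tokens)


def triage(text, domains):
    """Summarise each corporate-domain account: shared vs personal mailbox,
    and whether the username itself links back to the employee."""
    report = []
    for r in corporate_accounts(parse_dump(text), domains):
        local = r["email"].split("@")[0].lower()
        report.append({
            "email": r["email"],
            "username": r["username"],
            "shared_mailbox": local in SHARED_LOCALPARTS,
            "identity_pivot": username_leaks_identity(r),
        })
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_DUMP, CORPORATE_DOMAINS):
        print(row)
```

The exact-domain check is deliberate: lookalike domains such as `acme.example.co` in a dump are a separate signal (someone may be impersonating the organisation) and should not be merged with genuine employee accounts. The identity-pivot flag is only a first filter; an account with an opaque username can still be linked to the employee through the other leaked fields and public data, which is the aggregation risk the text describes.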
It does not matter whether the Only Fans incident is genuine or, as some have said, an aggregation of previous scrapes; the risks remain.
Keep work and personal life separate. Don’t allow an easy pivot from one to the other. I have very few exceptions to this rule.
Don’t use your work email to sign up for non-work-related services or platforms, especially if they are not appropriate for the employment you undertake or the position you hold. You could be leaving yourself and your employer vulnerable.