Staying safe on OnlyFans: The naked truth

Cyber Security

How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats

By now you’ve most probably heard of, or possibly even use, OnlyFans. Launched in 2016, this subscription service for content creators gained momentum over the course of the pandemic and now boasts a user base of more than 170 million people, 2.1 million of which are registered content creators.

While the site offers a home for all kinds of content, it is largely associated with NSFW material. When it comes to online privacy and security, this alone raises the stakes significantly – as laid bare, for example, by the hack of the infidelity website Ashley Madison in 2015 that still haunted many victims years later.

Indeed, remember that in the absence of proper precautionary measures, adult entertainment and online privacy don’t make for good ‘bedfellows’. The threats that stem from their potentially toxic ‘relationship’ run the gamut, from relatively run-of-the-mill content piracy all the way to revenge porn and large-scale data leaks and breaches.

Naturally, OnlyFans and its users aren’t exempt from these risks. Many content producers have already expressed concern over leaked content, hacked accounts, the uploading of revenge porn, and even the theft of content that’s downloaded by paying subscribers and then redistributed – often for a fee – on other social media and messaging platforms.

Needless to say, if content creators are at risk, subscribers are at risk, too. As a corollary, ensuring the safety and privacy of those working in this industry – and their fans – requires utmost caution and attention. That’s why it is vital for users to be cautious when sharing personal information online, and to be wary of stalkers, scammers and other ill-intentioned individuals.

What to look out for

Each OnlyFans creator offers their own subscription plan in exchange for letting users access their exclusive content. Some even allow users to subscribe for free. But there’s a catch: Whether you’re signing up for a paid or free plan, the site requests that you register and enter your payment card. At this point, the hardest part of the registration process is completed.

Note that OnlyFans does not have an app not on Android or on iOS. It can only be accessed through a web browser, such as Chrome or Safari.

While most pages have a monthly fee, free OnlyFans pages can gather large audiences, and creators can still make a lot of money by adding special one-time pay-per-view content that a lot of users will be willing to pay for.

  • OnlyFans creators need to provide personal information to set up an account, including legal name and bank account details. It will also be required to provide verification documents, such as a photo of a government-issued identification and a selfie holding the same ID. These steps are necessary both for tax purposes and to ensure that creators are paid legally. It is important to note that OnlyFans knows the identity of all creators on the platform.
  • OnlyFans subscribers will need to provide an email address – and, regardless of whether they want to subscribe to a paid or free account, not adding a payment card is not an option.

In late 2021, it was reported that former OnlyFans employees still had access to personal information of both creators and subscribers who required technical support. And what information might be available to such employees? In its Privacy Policy, OnlyFans is very clear: While the app does not receive “the fan’s” full payment card details, “If you are required to provide your name and email address to the payment provider, then they also provide us with that information.”

Moreover, in order to run the verification process, creators must provide handles to their social media profiles and might be asked to make public posts related to their new account. Fans might also be requested to provide additional personal information details, depending on where they are located.

So how can you keep yourself safe on OnlyFans?

Content creators

OnlyFans creators will have to provide their real banking details, name and ID – not only for the verification process, but also to get paid. So, you can’t be fully anonymous  – but you can try to keep some anonymity on your profile by using secondary social media accounts that are not linked to any of your close contacts.  You might also choose to hide your face and avoid showing your location on the site.

We also recommended using a burner email address for setting up your account in case there is ever a breach of personal data at OnlyFans. Likewise, you can also use disposable payment cards for online use.

Be aware, however, that a vicious attacker could attempt to hack your OnlyFans account through clever social engineering or even cyberbullying techniques, leading to users simply handing over their passwords and other login data. It is, therefore, vital that you remain cautious about responding with private information to any unsolicited communication.

If a bad actor were able to gain unauthorized access to a creator’s account, he or she could potentially engage in a number of malicious activities, such as:

  • Viewing the subscription-based content that the account owner has posted
  • Changing the account owner’s password and locking them out of their own account
  • Posting new content to the account
  • Deleting content from the account
  • Changing the account settings
  • Adding new banking details for withdrawing funds
  • Viewing the account owner’s personal information (such as his or her name, email address, and payment information)
  • Using the account to send fraudulent messages to other OnlyFans users

Content creators and subscribers

Regardless of whether you’re a content producer or a subscriber, there are a few simple but effective steps you can take to secure your account and stay out of harm’s way. Most importantly, you should:

Two-factor authentication is an extra layer of security that is designed to protect online accounts from unauthorized access and is offered to all OnlyFans accounts. It requires that a code sent to a phone or generated by an authentication app be entered in addition to the account password before access to the account is granted. This makes it much more difficult for attackers to gain access to an account, even if they have the password.

However, should you forget your password, the way to recover it is by requesting a code to your email. So, an attacker who has access to your email account could access the email generated for password recovery and then take over your OnlyFans account.

Moreover, it is important to note that while OnlyFans prevents account images from being stolen from Android devices (i.e., by not allowing screenshots on such devices), this is unfortunately not the case on Apple’s iOS, which still allows for screenshots – such as the ones displayed in this blogpost.

Report any suspicious activity

There is always a risk of stalking, sextortion and doxing when sharing personal information online, and the risk is especially high when using a platform like OnlyFans. Both creators and fans need to do their part by reporting unintended activity or any suspicious event (for example, a third party requesting a link for password recovery, or engaging in any kind of bullying). Sites like PimEyes which use powerful facial recognition software are making it very easy for stalkers to find out information on content creators, so it is vital that you only ever show your face if you know the risks.

OnlyFans allows you to Block or Restrict a profile. While blocking will fully stop a specific profile from viewing yours, restricting will only stop that profile from sending private messages or replying to posts.

Finally, if you see harmful content or suspect a specific video or photo has been stolen or posted without the consent of one or more of the people involved, you can also report a profile.

Is OnlyFans safe?

The fact that many people use OnlyFans to monetize their saucy content raises the stakes significantly – and not just for content creators. It is, therefore, important to know what you may be getting yourself into and how to shield yourself from the privacy and security risks this may entail. Indeed, and as with many other social media platforms and online services, the key to staying safe is being aware of the threats, managing the security and privacy settings on your accounts and applying cyber-hygiene basics to minimize the risks.

Products You May Like

Articles You May Like

Ascension Attack Caused by Employee Downloading Malicious File
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
#Infosec2024: Cyber Resilience Means Being Willing to Learn From a Crisis
Phishing Attacks Targeting US and European Organizations Double
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Leave a Reply

Your email address will not be published. Required fields are marked *