You may have heard of OnlyFans or you may be using it. Launched in 2016, this subscription service for content creators has gained traction during the pandemic and now has a user base of over 170 million people, of which 2.1 million are registered creators.
While OnlyFans hosts all kinds of content, it has mostly been linked to material containing images of sexual content or violence (NSFW – Not Safe For Work).
When it comes to online privacy and security, this alone is enough to significantly increase the risk. One such example is the 2015 data theft of dating site Ashley Madison, which still haunts many victims years later, say experts from global digital security firm ESET.
Many content producers have already expressed concern about content leaks, hacked accounts, publishing revenge porn, and even theft of content that subscribers download and then redistribute—often for a fee—on other social media and sharing platforms.messages.
Needless to say, if content creators are at risk, so are subscribers, the ESET team warns. As a result, ensuring the safety and privacy of those in this industry – and their fans – requires the utmost care and attention. This is why it is imperative that users exercise caution when sharing personal information online and watch out for stalkers, scammers, and other ill-intentioned people.
What to watch out for
Each OnlyFans creator offers their own subscription plan in exchange for users’ access to their exclusive content. Some even allow users to sign up for free. But there’s a catch: Whether you sign up for a subscription or a free plan, the site asks you to enter your payment card details. At this point, the hardest part of the registration process is over.
Note that OnlyFans does not have an app – neither on Android nor iOS. You can access it only through a web browser like Chrome or Safari.
While most pages have a monthly subscription, Free OnlyFans pages can build a large audience and creators can make a lot of money by adding special one-time subscription content that many users are willing to pay for.
In late 2021, it was reported that former OnlyFans employees still had access to the personal information of both creators and subscribers who requested technical support. What information might be available to these employees?
Additionally, to trigger the verification process, Creators must provide their social media profile information and may be required to make public posts related to their new account. Fans may also be asked to provide additional pieces of personal information, depending on their location.
So how do you stay safe with OnlyFans?
OnlyFans creators will have to provide their real bank details, name and ID – not only for the verification process, but also to get paid. So you can’t be completely anonymous – but you can try to maintain some anonymity on your profile by using secondary social media accounts that aren’t linked to any of your close contacts. You can also choose to hide your face and avoid showing your location on the website.
It is also recommended that you use a disposable email address to create your account in the event of a personal data breach on OnlyFans. Similarly, you can also use single use payment cards for online payments.
However, be aware that a malicious attacker might try to hack into your OnlyFans account through clever social engineering techniques or even cyberbullying, tricking users into simply handing over their passwords and other login data.
Therefore, it is imperative that you remain cautious about giving out private information in any communication.
If a malicious actor gains unauthorized access to a creator’s account, they can potentially perform a variety of malicious activities, including:
- View subscription-based content posted by the account holder
- Changing the account owner’s password and banning him from accessing his own account
- Post new content in the account
- Delete content from the account
- Change account settings
- Add new bank details to withdraw funds
- View the account owner’s personal information (such as name, email address, and payment information)
- Use the account to send messages to other OnlyFans users
Content creators and subscribers
Whether you’re a content creator or a subscriber, there are some simple yet effective steps you can take to secure your account and stay out of harm’s way. Most importantly, you must:
- Use a strong and unique password
- Enable two-factor authentication (2FA)
Be careful when clicking on links or downloading attachments from unknown sources, and beware of phishing (or phishing) methods that are also often used to hijack user accounts.
Two-Factor Authentication is an additional layer of security designed to protect online accounts from unauthorized access and is offered on all OnlyFans accounts. It requires entering a code sent to the phone or generated by an authentication app, along with the account password, before account access is granted.
This makes it more difficult for attackers to gain access to an account, even if they have the password.
However, in case you forget your password, the way to recover it is to request a code in your email. Thus, an attacker who has access to your email account can access your email to recover the password and then take over your account.
It’s important to note that while OnlyFans prevents account pictures from being stolen from Android devices (i.e. by not allowing screenshots on those devices), this unfortunately doesn’t apply to Apple’s iOS, which still allows screenshots – like the one below.
4. Finally, report any suspicious activity
There is always a risk of stalking, sextortion, and scams (the term comes from “docs” short for “documents” and refers to files leaked online containing the victim’s personal information) when sharing personal information online and the stakes are particularly high when using a platform like OnlyFans.
Both creators and fans should do their part by reporting any strange activity or suspicious event. Sites like PimEyes, which use powerful facial recognition software, make it very easy for stalkers to find information about content creators, so it’s crucial that you only show your face if you know the risks.
OnlyFans allows you to block or restrict a profile. While completely blocking will prevent a specific profile from seeing your profile, restricting will only prevent that profile from sending private messages or responding to posts.
Finally, if you see harmful content or if you suspect that a particular video or photo has been stolen or posted without the consent of one or more people involved, you can also report a user.
Is OnlyFans safe?
The fact that so many people use OnlyFans to monetize crafty content greatly increases the stakes – and not just for content creators. So it’s important to know what you might be getting yourself into and how to protect yourself from the privacy and security risks that this might involve, say ESET experts.
In fact, as with many social media platforms and online services, the key to staying safe is being aware of threats, managing the security and privacy settings on your accounts, and applying basic cyberhealth principles to minimize risks.
“Avid problem solver. Extreme social media junkie. Beer buff. Coffee guru. Internet geek. Travel ninja.”