Ex-OnlyFans employees got ahold of sensitive user data after leaving

Multiple former employees of OnlyFans could access both models’ and patrons’ personal account information long after they left the company. Although ex-staff were no longer able to use the site’s backend information, they reportedly still could access Zendesk, a popular third-party customer support ticket service, which provided a loophole for amassing “credit card information, drivers' licenses, passports, full names, addresses, bank statements, how much they have earned on OnlyFans or spent, Know Your Customer (KYC) selfies where the creator holds up an ID next to their face for verification, and model release forms.”

The news comes courtesy of a new report out earlier today from Motherboard, which spoke with multiple credible, anonymous sources on the subject. These kinds of security lapses are dangerous and abusive in any circumstance, but they pose particular risks to sex workers such as OnlyFans models, who often face threats of violence, cyberstalking, revenge porn, and blackmailing.

Continuing controversy for the company — The security issue is only the latest in a string of bad news for OnlyFans, whose owners faced severe backlash for their brief attempt to ban pornography from the site — subject matter on which OnlyFans built its empire. While citing changes in bank policies as the reason for the controversial decision, the anger and public criticisms soon forced the company to reverse course.

Far more positive hacking news — Thankfully, it’s not all gross abuses of power and privilege when it comes to incidents involving vast quantities of users’ personal data. Just earlier this month, Epik — the web service company responsible for hosting such online hellscapes as Gab, The Donald, and Parler — had virtually its entire site’s history and information stolen, providing activists, researchers, and journalists massive quantities of (potentially very embarrassing) information to parse through. How’s that for a palate cleanser?