Ex-employees of the explicit content site OnlyFans are able to access the personal information of the site’s users and x-rated models – including passport, credit card, and bank account info – even after they left the company, according to a new report.
As reported by Canadian news site Vice, the former staff were able to acquire such info as users’ full names, drivers’ licenses, and how people spent or earned in the site using a piece of software called Zendesk.
Some former OnlyFans support staff employees still had access to users' data—including sensitive financial and personal information—even after they stopped working for the company. https://t.co/sU2AcTdxnp
— VICE (@VICE) September 30, 2021
While Zendesk is widely used as a customer service tool, companies generally remove employee access to the software once they leave. According to Vice, OnlyFans did not do this.
“Everyone on that platform, especially sex workers, need to have their information be safe and it isn’t,” one former employee allegedly told Vice.
“It’s a shame that they have this large company and feel they can play with people’s lives like this – there are already so many things they are in trouble for and privacy should not be one of them.”
OnlyFans did not immediately respond to request for comment from Vice, and, if the claims are true, it’s unclear how many former employees would be able to access this sensitive data.
Pornography websites have previously been subjected to major scrutiny over data breaches – in January of this year a database allegedly containing two million user details for cam girl website MyFreeCams was being sold on the black market. The database reportedly used porn viewers’ e-mail addresses, as well as usernames and passwords.
MyFreeCams site hacked to steal info of 2 million paying users – @Ionut_Ilascuhttps://t.co/elK9WJXrdW
— BleepingComputer (@BleepinComputer) January 22, 2021