Leaked OnlyFans Content Reveals Compromised Government Websites

Turns out scammers are using that leaked content to hack government websites, and OnlyFans creators might be part of the solution. 

Here is a sentence you may not have expected to read today: OnlyFans creators are accidentally helping cybersecurity teams identify compromised government websites. Not intentionally, but as a byproduct of fighting the endless, exhausting battle against people stealing and redistributing their content without permission. 

The mechanics of how this happened are genuinely bizarre, nd they say something interesting about both the scale of the adult creator economy and the perpetual chaos of the internet. 

Start with the piracy problem, which predates OnlyFans and will likely outlast it. Adult content creator Laura Lux has been publishing content online for nearly two decades, on her own subscription site, a Patreon channel, and now OnlyFans. And for those two decades, people have been stealing it. “We do lose a lot of money just because the content is literally a Google search away a lot of the time,” she said. The solution most serious creators have adopted is aggressive use of the Digital Millennium Copyright Act. This allows creators to file takedown requests, get stolen content removed from search results, and repeat the process over and over and over. “If you are not running a DMCA service, then you might as well probably not even be bothering doing the job, because it will be everywhere,” Lux said.

So creators and the companies that represent them send millions of DMCA takedown requests targeting every URL where their stolen content appears. 

Meanwhile, the scammers have been exploiting a specific vulnerability in how Google’s search algorithm works. Government and university websites (anything with .gov or .edu domains) rank highly in search results because those extensions carry institutional authority. If you can inject malicious content into a compromised government website, that content will show up near the top of search results for whatever keyword you’ve targeted. The scammers’ targets of choice have increasingly been the names of popular adult content creators, because people searching for “leaked” content are, as one cybersecurity expert put it, “primed to click recklessly”. Click the promising leaked OnlyFans video from a .gov domain and you end up on a page full of malware, online dating scams, and suspicious advertising schemes, all pumping money into the pockets of these fraudsters. 

The result, according to new research from a cybersecurity company UpGuard, is htat more than 2,000 domains belonging to governments and educational institutions across more than 80 countries have received copyright takedown requests linked to adult content creators over the past fifteen years. There have been 384,286 total takedown requests covering more than 631,000 URLS, and of those, Google has removed around 130,000. That means that the other 400,000 are still up and running. 

OnlyFans creators filing DMCA requests to protect their stolen content are inadvertently flagging compromised government infrastructure to Google, essentially doing the work of cybersecurity teams who may not know their websites have been hijacked. “The OnlyFans models are not setting out to help government websites,” said Greg Pollock, director of research at UpGuard, “but in order for them to police their copyright ownership, they wind up sending a lot of notices to Google about those sites.”

Yet the DMCA is simultaneously the best tool OnlyFans creators have to combat this kind of leaked content, while also being the tool that is being weaponized against them. Top OnlyFans creators have discovered that unverified filers are impersonating them to file fraudulent DMCA claims, some even using the creators’ own names to file takedowns against publishers who legitimately feature them. “My agent brought these fake reports to my attention — I didn’t even know this could happen,” said Kayla, a top 1% OnlyFans creator. “Other creators who don’t have agency representation lose traffic to their pages and have no idea why it’s happening or what to do.” Google processes takedown notices from unverified filers at scale, requires no identity verification, and has built no meaningful system to flag abuse because at the end of the day, it doesn’t really impact them. But the creators? They feel the consequences in both directions: their content gets stolen, and then the system designed to protect them gets turned into a weapon against them.  

Dan Purcell, CEO of creator content protection firm Ceartas, points out that sending DMCA requests to compromised government websites is legally questionable, as those sites aren’t intentionally hosting or advertising the content, so it’s likely not a genuine copyright violation in any meaningful sense. His company contacts the website’s security team directly when it encounters these situations instead of filing takedown requests. “Just because it smells funny and looks funny doesn’t mean that you just execute the most aggressive law possible to remove the content,” he said.

Yet for most creators, the DMCA is the only tool available to fight the very real piracy problem they deal with daily. For now, these OnlyFans creators will continue to file millions of takedown requests to protect their work, accidentally doing more for government cybersecurity than they’d ever imagine. If only the system would do something for them in return.