A data breach affecting the user discussion forum for FreeOnes, an adult performer directory and content-discovery platform, occurred in February 2017 and was publicly indexed on September 18, 2025 following its redistribution as part of a larger corpus of breach data circulating among breach-trading communities. The original incident affected the forum component of FreeOnes, where registered users discussed performers and content. The specific vulnerability that enabled the compromise has not been publicly detailed by FreeOnes. Have I Been Pwned founder Troy Hunt added the breach to the service in September 2025 with a sensitive flag, meaning the data is not publicly searchable but can be checked by the verified owner of any email address.

The breach affected approximately 960,000 unique user accounts based on records indexed by breach-tracking services. Compromised fields included email addresses, usernames, IP addresses, and salted MD5 password hashes. The salted MD5 password storage method is significantly weaker than modern bcrypt, scrypt, or Argon2 hashing and is vulnerable to GPU-accelerated brute-force cracking, particularly for short or commonly used passwords. Although the salting prevents simple rainbow-table attacks, the underlying password values are increasingly recoverable as computational capacity advances.

For affected users, the practical risk profile combines credential-reuse exposure with adult-platform-specific reputational risk. The combination of email address and recoverable password value supports credential-stuffing attacks against other accounts where the same password was reused. More distinctively, inclusion in the dataset confirms an adult-platform forum relationship, which can support targeted extortion or harassment campaigns. Affected users who receive extortion attempts should not pay ransom demands because payment does not stop further extortion. Users should immediately change any reused passwords on other accounts, enable two-factor authentication where available, document any extortion communications, and report extortion attempts to law enforcement. Given the nearly nine-year gap between the original incident and public disclosure, users should assume that the credentials have been in circulation among threat actors for an extended period and should treat any associated email or password as fully compromised across all uses.

Adult performer directories and content-aggregation platforms collect user accounts, search behavior, profile activity, and in some cases community or contact data tied to adult-content discovery.

The FreeOnes breach surfaced publicly in September 2025 when the data was added to Have I Been Pwned and Mozilla Monitor on September 18, 2025. The data had been redistributed as part of a larger compendium of breach corpora circulating among breach-trading communities. FreeOnes itself has not provided detailed public statements about the original 2017 incident, the specific vulnerability that enabled the compromise, or post-incident security measures. The breach was particularly notable for being indexed nearly nine years after the original incident, illustrating the long persistence of breach data in underground markets. Industry commentary has highlighted the case as an example of salted MD5 password hashing being increasingly inadequate against modern GPU-powered cracking attacks.