TNAFlix Adult Video Platform Breach (2022): 1.4 Million User Accounts Including Plaintext Passwords Exposed

Executive Summary

A data breach affecting TNAFlix, an ad-supported adult video streaming and tube-style content platform, occurred in June 2022 and was publicly indexed by Have I Been Pwned in late October 2024 following its redistribution as part of a larger corpus of breach data circulating among breach-trading communities. The specific vulnerability that enabled the compromise has not been publicly detailed by TNAFlix. Have I Been Pwned added the breach to the service in October 2024 with a sensitive flag, meaning the data is not publicly searchable but can be checked by the verified owner of any email address.

The breach affected approximately 1.4 million user records based on records indexed by breach-tracking services. Compromised fields included email addresses, IP addresses, usernames, and passwords stored in plaintext. The plaintext password storage represents a particularly severe failure mode, because it means the original credential values were exposed without any hashing or computational protection, making them immediately usable for credential-stuffing attacks against any other accounts where users reused the same password.

For affected users, the practical risk profile combines credential-reuse exposure with adult-platform-specific reputational risk. The plaintext password exposure means any other account where the same password was reused was immediately compromised, with credential-stuffing attacks expected on email, financial, and social-media accounts. More distinctively, inclusion in the dataset confirms an adult-content-platform relationship, which can support targeted extortion or harassment campaigns. Affected users who receive extortion attempts should not pay ransom demands because payment does not stop further extortion and often invites additional attempts. Users should immediately change any reused passwords on other accounts, enable two-factor authentication where available, document any extortion communications, and report extortion attempts to law enforcement. Users with concerns about the disclosure timing should be aware that the original breach occurred in June 2022 and the data has been in circulation among threat actors for over two years, meaning passwords from that era should be treated as fully compromised across all uses.

About TNAFlix

TNAFlix is an ad-supported adult video streaming and 'tube'-style content platform that combines professionally produced adult content with user-uploaded material. The platform operates similarly to mainstream video-sharing platforms in its user-experience design, with free ad-supported public access and optional account registration for engagement features such as favorites, playlists, comments, and personalization. TNAFlix is part of the broader portfolio of major adult-platform brands historically associated with parent companies in the adult-tech industry. As an account-based adult video platform, TNAFlix maintained user account data including email addresses, usernames, IP addresses, and login credentials tied to adult-content viewing and interaction.