A data breach affecting TNAFlix, an ad-supported adult video streaming and tube-style content platform, occurred in June 2022 and was publicly indexed by Have I Been Pwned in late October 2024 following its redistribution as part of a larger corpus of breach data circulating among breach-trading communities. The specific vulnerability that enabled the compromise has not been publicly detailed by TNAFlix. Have I Been Pwned added the breach to the service in October 2024 with a sensitive flag, meaning the data is not publicly searchable but can be checked by the verified owner of any email address.

The breach affected approximately 1.4 million user records based on records indexed by breach-tracking services. Compromised fields included email addresses, IP addresses, usernames, and passwords stored in plaintext. The plaintext password storage represents a particularly severe failure mode, because it means the original credential values were exposed without any hashing or computational protection, making them immediately usable for credential-stuffing attacks against any other accounts where users reused the same password.

For affected users, the practical risk profile combines credential-reuse exposure with adult-platform-specific reputational risk. The plaintext password exposure means any other account where the same password was reused was immediately compromised, with credential-stuffing attacks expected on email, financial, and social-media accounts. More distinctively, inclusion in the dataset confirms an adult-content-platform relationship, which can support targeted extortion or harassment campaigns. Affected users who receive extortion attempts should not pay ransom demands because payment does not stop further extortion and often invites additional attempts. Users should immediately change any reused passwords on other accounts, enable two-factor authentication where available, document any extortion communications, and report extortion attempts to law enforcement. Users with concerns about the disclosure timing should be aware that the original breach occurred in June 2022 and the data has been in circulation among threat actors for over two years, meaning passwords from that era should be treated as fully compromised across all uses.

Adult video platforms collect highly sensitive account data, emails, usernames, passwords, and viewing or upload activity tied to explicit-content access and interaction.

The TNAFlix breach was indexed by Have I Been Pwned in late October 2024 with a sensitive-breach designation. The data had been redistributed as part of a larger corpus of data circulating among breach-trading communities, similar to multiple other adult-platform breaches that surfaced or resurfaced in 2024 and 2025. TNAFlix itself has not provided detailed public statements about the original 2022 incident, the specific vulnerability that enabled the compromise, or post-incident security measures. The case has been cited as another example of plaintext password storage at significant adult-platform brands, despite long-standing industry guidance recommending modern password hashing algorithms.