Subscription platform for creators and fan communities.
MYM.fans, a France-based creator subscription-content platform operating as a regional OnlyFans-equivalent, suffered a data breach that surfaced publicly in November 2025 when a user named 'esther' posted the dataset on the breach-trading forum Leakbase.la. According to subsequent reporting, the leaked data may have originated from a 2021 source compromise of the MYM platform's databases, totaling approximately 1.81 gigabytes including SQL tables for distinct creator and subscriber populations. The DataBreach.com summary attributes the original compromise vector to a social-engineering attack on a Creator.io employee. MYM.fans has not publicly detailed the original incident.
The breach affected approximately 5.2 million unique user records based on records indexed by breach-tracking services, with the original Leakbase posting describing a 5.5 million-line text file. Compromised fields included email addresses and, according to forum reporting and security-research analyses of the leaked file, also included full names, physical addresses, phone numbers, and IP addresses for affected users. The dataset structure suggests it represents a complete user-database dump rather than a partial extract, including both subscriber and creator accounts.
For affected users, the practical risk profile combines identity-fraud exposure with creator-platform-specific reputational risk that varies substantially between subscriber and creator populations. For subscribers, inclusion in the dataset confirms a paid subscription relationship with a creator-monetization platform that includes adult content. Affected users who receive extortion attempts should not pay ransom demands because payment does not stop further extortion. Users should change any reused passwords on other accounts, enable two-factor authentication where available, document all extortion communications, and report extortion attempts to law enforcement.
For affected creators, the disclosure carries materially greater risk because creator identification can affect employment, family relationships, immigration status, and personal safety, and because creator records may include real-name and tax-related identifiers used for monetization payouts. Affected creators may benefit from legal counsel familiar with French data-protection law and CNIL complaint processes. The continued circulation of the dataset after the Leakbase seizure means that affected users should treat the exposure as long-term rather than time-limited.
ObscureIQ assessment: Very high sensitivity. Exposure enables extortion, harassment, fraud, and identity linkage tied to adult-adjacent or intimate creator content and subscriber relationships.
The institutional impact on MYM.fans is significant given the size of the affected user base, the sensitivity of the platform's creator-subscriber relationships, and the platform's France-based regulatory framework. The breach is subject to French data-protection authority CNIL oversight under the GDPR, which carries materially higher potential penalties than U.S. equivalents. The reputational impact is concentrated within the creator-subscription category in Europe, where MYM.fans has been a leading regional alternative to OnlyFans. The breach is also subject to ongoing scrutiny from European privacy advocates and creator-rights organizations because of the disproportionate harm to adult-content creators whose identification through MYM.fans subscription records can affect employment, family relationships, and personal safety.
MYM.fans, also styled as 'MYM (Meet Your Model),' is a France-based subscription-content platform that operates as a creator monetization service in the OnlyFans-equivalent category. Headquartered in France, MYM.fans enables independent content creators to publish photo, video, and messaging content to paid subscribers, with the platform mediating payments, subscriptions, and direct messaging between creators and fans. While MYM.fans is not exclusively an adult-content platform, the platform's creator base includes a substantial proportion of adult-content creators, similar to OnlyFans. As an account-based creator-subscription platform, MYM.fans maintains substantial subscriber and creator account data including names, contact information, billing-related identifiers, content access history, messages between creators and fans, and monetization activity.
Creator subscription platforms collect highly sensitive creator and subscriber identity, payment-adjacent records, content access history, messages, and monetization activity tied to paid fan relationships.
The MYM.fans breach was publicly disclosed in November 2025 when a forum user named 'esther' posted the dataset on the breach-trading forum Leakbase.la. DataBreach.com indexed the breach on January 12-13, 2026, and breach-tracking publications including DarkEye and InsecureWeb reported on the dataset shortly after. The Leakbase forum where the data was originally posted was subsequently seized by an international law enforcement operation led by Europol on March 3, 2026 ('Operation Leak'), which targeted 37 of the platform's most active users with arrests, house searches, and 'knock-and-talk' interviews across the U.S., Australia, Belgium, Poland, Portugal, Romania, Spain, and the U.K. The MYM.fans dataset has continued to circulate among breach-trading communities despite the Leakbase seizure. MYM.fans has not publicly detailed the original incident or the specific vulnerability that enabled the compromise.
Attribution and method are based on available breach intelligence. Reported attack vector: Social Engineering.
If you believe your information may be included:
Verified fields include Email Address.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on: