Some former OnlyFans support staff members have access to personal user information even after they’ve left the company. This huge oversight on OnlyFans’ part could lead to the leakage of personal and financial details.
According to a Vice report, some former employees have access to Zendesk, through which OnlyFans staff respond to user support tickets. In this case, support tickets come from both subscribers and content creators on the platform.
Vice was able to confirm this by speaking to multiple ex-employees who agreed to reveal information on condition of anonymity. By retaining access to the help desk software, ex-employees could obtain potentially sensitive information.
Depending on a user’s needs, support tickets might contain credit card information, full names, passports, addresses, bank statements, and even KYC selfies. A KYC selfie is a photo of the user holding up their ID.
When users sign up for OnlyFans, the company assures them that it keeps all information private. With this glaring oversight, it appears that isn’t the case. As the ex-employees point out, this information is extremely sensitive on its own. The nature of OnlyFans only compounds this.
While OnlyFans is for content creation in general, a sizable portion of its users produce adult content. Due to the stigma around sex work, creators and subscribers alike are more likely to be targeted. The nature of the content makes both groups vulnerable to blackmail.
Vice notes the occurrence of “insider threats,” whereby employees with access to data exploit it for personal gain. The threat is even greater with ex-employees. They have nothing to lose, and nobody monitors their activities.
Unlike data collection from people-search sites and background check services, or from governments and corporations, these threats are completely unmonitored. It’s impossible to detect misuse unless the victims come forward.
At the time of writing, OnlyFans hasn’t released a comment on the story. The firm will need to improve its access controls going forward.