News

OnlyFans Creators' DMCA Requests Expose Hacked Government Websites

Adult content creators' DMCA takedown requests inadvertently reveal widespread hacking of government and university websites.

A surge in DMCA takedown requests from OnlyFans creators has highlighted a growing issue of compromised government and university websites being used to host scams and malware. This unintended consequence of content piracy fights reveals the scale of cybersecurity vulnerabilities.

OnlyFans Creators' DMCA Requests Reveal Hacked Government Websites

Adult content creators like Laura Lux, who publishes on platforms like OnlyFans, have long battled content theft and piracy. As the adult creator economy has grown, these creators have increasingly relied on the Digital Millennium Copyright Act (DMCA) to remove stolen content from search results. However, this fight against piracy has inadvertently exposed a widespread cybersecurity issue: thousands of government and university websites have been compromised and used to host scams and malware.

The DMCA and Compromised Websites

According to a new analysis by cybersecurity firm UpGuard, over 2,000 domains belonging to governments and educational institutions across 80 countries have received DMCA takedown requests linked to adult content creators in the past 15 years. These requests indicate that the sites may have been hacked and used to host malicious content, often disguised as leaked OnlyFans material.

Scammers exploit vulnerabilities in these official websites to upload pages or PDFs promoting fake offers, such as free movie downloads, iPhones, or porn. These pages often redirect visitors to scams or malware downloads, earning fraudsters money through complex advertising schemes. The use of authoritative .gov and .edu domains makes these scams more effective, as they rank higher in search results.

The Scale of the Problem

UpGuard’s research reveals that there have been 384,286 takedown requests covering 631,193 URLs from adult content creators to government and education websites since 2011. The majority of these requests have been made in recent years, with Google removing around 130,000 URLs and taking no action against 460,000.

The analysis shows that these compromises have surged since 2020, coinciding with the rise of individual adult creators and the popularity of platforms like OnlyFans. Many of these compromised pages use the names of well-known creators to lure victims, capitalizing on their large followings.

The Role of DMCA Requests

While DMCA requests are intended to protect creators’ copyrighted content, their use in this context has highlighted the vulnerabilities of official websites. 'The OnlyFans models are not setting out to help government websites, but in order for them to police their copyright ownership, they wind up sending a lot of notices to Google about those sites,' says Greg Pollock, director of research at UpGuard.

However, some experts argue that DMCA requests are not the appropriate tool for addressing hacked websites. Dan Purcell, CEO of Ceartas, a firm that helps creators remove pirated content, says that sending DMCA requests to compromised sites is excessive and inappropriate, as these sites are not intentionally hosting the content. Instead, he advocates for directly alerting the site’s security or administration team.

The Broader Implications

The surge in DMCA requests to government and education websites has largely been driven by a single company, Estonia-based Rulta, which represents many adult content creators. While Rulta did not respond to requests for comment, UpGuard’s analysis identified over 11,000 adult-content-linked copyright owners represented by 554 organizations making such requests.

The unintended consequence of these requests is that they provide a warning signal for security teams about potential breaches. 'Monitoring for the names of popular models could provide a warning signal for small security teams that their infrastructure has been compromised,' says Pollock.

Creators’ Perspective

Laura Lux, an OnlyFans creator whose name has been used on compromised domains in multiple countries, is unsurprised by the findings. 'It’s just crazy that our names and stuff are used in that capacity,' she says. While she uses DMCA services to protect her content, she acknowledges the irony that sex workers may inadvertently help expose cybersecurity vulnerabilities.

Conclusion

The fight against content piracy has revealed a larger cybersecurity issue affecting government and university websites. As creators continue to battle piracy, the incidental discovery of compromised official sites highlights the need for better security practices and more targeted approaches to addressing hacked websites.