Leak at MYM
In November 2025, a database of around 5 million records from French adult-content subscription platform MYM was published on a cybercrime forum, exposing creators' and subscribers' names, emails, postal addresses, phone numbers, IP addresses, birthdates and MD5-hashed passwords; the data traces back to a 2021 compromise.
- Victim
- MYM
- records
- 5.0M
On 10 November 2025, MYM β a Lyon-based French adult-content subscription platform (operated by Air Medias and often compared to OnlyFans) β saw a database of roughly 5 million records published for free on a major cybercrime forum. Both content creators and their paying subscribers were affected.
According to the person who released the data, the underlying breach dates back to March 2021, meaning the records sat in criminal hands for several years before being made public. Passwords were stored as MD5 hashes, a scheme considered insecure for well over a decade, and more than 3 million Gmail addresses appeared in the dump.
Exposed data categories included:
- Usernames, first and last names, dates of birth
- Email addresses, phone numbers and postal addresses
- IP addresses and linked social-media accounts (Instagram, Facebook, Twitter, Snapchat)
- Business/professional details for creators
- MD5-hashed passwords
- Registration and last-login timestamps
The leak drew particular attention in France because it included professional email addresses belonging to public-sector employees. Given the platform's adult-content nature, security researchers flagged heightened risks of sextortion, identity theft and harassment. No public remediation statement from MYM had been confirmed at the time of disclosure.
Sources
- xcancel.comhttps://xcancel.com/_SaxX_/status/1986701724623548561
- idprotect.frhttps://idprotect.fr/fuite-massive-de-donnees-chez-mym-plus-de-5-millions-dutilisateurs-exposes/
- clubic.comhttps://www.clubic.com/actualite-586873-dans-la-fuite-de-donnees-de-mym-la-serie-d-adresses-pro-de-fonctionnaires-qui-y-figurent-creent-le-debat.html