Skip to content
Data breachUnknown

Leak at MYM

In November 2025, a database of around 5 million records from French adult-content subscription platform MYM was published on a cybercrime forum, exposing creators' and subscribers' names, emails, postal addresses, phone numbers, IP addresses, birthdates and MD5-hashed passwords; the data traces back to a 2021 compromise.

Victim
MYM
records
5.0M

On 10 November 2025, MYM β€” a Lyon-based French adult-content subscription platform (operated by Air Medias and often compared to OnlyFans) β€” saw a database of roughly 5 million records published for free on a major cybercrime forum. Both content creators and their paying subscribers were affected.

According to the person who released the data, the underlying breach dates back to March 2021, meaning the records sat in criminal hands for several years before being made public. Passwords were stored as MD5 hashes, a scheme considered insecure for well over a decade, and more than 3 million Gmail addresses appeared in the dump.

Exposed data categories included:

  • Usernames, first and last names, dates of birth
  • Email addresses, phone numbers and postal addresses
  • IP addresses and linked social-media accounts (Instagram, Facebook, Twitter, Snapchat)
  • Business/professional details for creators
  • MD5-hashed passwords
  • Registration and last-login timestamps

The leak drew particular attention in France because it included professional email addresses belonging to public-sector employees. Given the platform's adult-content nature, security researchers flagged heightened risks of sextortion, identity theft and harassment. No public remediation statement from MYM had been confirmed at the time of disclosure.

Sources

  1. xcancel.comhttps://xcancel.com/_SaxX_/status/1986701724623548561
  2. idprotect.frhttps://idprotect.fr/fuite-massive-de-donnees-chez-mym-plus-de-5-millions-dutilisateurs-exposes/
  3. clubic.comhttps://www.clubic.com/actualite-586873-dans-la-fuite-de-donnees-de-mym-la-serie-d-adresses-pro-de-fonctionnaires-qui-y-figurent-creent-le-debat.html

Related incidents

Data breachUnknown

Leak at Europages

On 28 December 2025, a database of 205,403 B2B prospects from European business directory Europages was reported leaked, exposing contact and company-registration details (names, job titles, employers, postal and email addresses, phone numbers, SIRET and VAT identifiers).

Victim
Europages
Records
205.4K
Data breachContained

Leak at HelloWork

In late December 2025, French recruitment platform HelloWork disclosed that data on roughly 2.8 million jobseekers β€” names, emails and professional-profile details β€” was scraped from its CV library via a fraudulently used recruiter account and offered for sale online.

Victim
HelloWork
Records
2.8M
Data breachContained

Data leak at SoundCloud

In December 2025, music-streaming platform SoundCloud disclosed a breach in which an attacker abused an internal system to map roughly 29.8 million private email addresses to public profile data β€” about 20% of its users; no passwords or payment data were taken.

Victim
SoundCloud
Records
29.8M
Data breachUnknown

Leak at Oui Heberg

On 10 November 2025, French web-hosting and VPS provider OuiHeberg was reported to have leaked customer contact records β€” names, email addresses, phone numbers and postal addresses β€” following a security incident affecting its infrastructure.

Victim
Oui Heberg