Subscription Leak Threat Scam on Email
Fraudsters email people claiming a 'leaked database' proves they signed up for an adult site or gambling account, then demand payment to keep it quiet.
Last reviewed: 5 July 2026
Email is the primary channel for the subscription leak threat scam because it lets a scammer send a mass, low-cost message to thousands of addresses at once, hoping a small percentage will panic and pay rather than risk embarrassment.
How this scam works on Email
The email typically arrives with a subject line referencing a supposed data breach at a subscription service, sometimes naming a real breach that was in the news to add credibility. The body claims the recipient's account details, browsing history, or billing records were captured and will be sent to their contacts or employer unless a payment is made within a set deadline, usually in cryptocurrency.
To make the threat feel personalized, some versions include an old, breached password the recipient once used on an unrelated site, which the scammer harvested from a public data dump rather than from any actual hack of the recipient's device. The email counts on the shock of seeing a real old password to make the rest of the fabricated claims seem plausible.
Common red flags
- The email includes an old password you recognize but no other proof of account access
- A tight countdown timer pressures immediate payment
- Payment is demanded only in cryptocurrency to an anonymous wallet address
- The message threatens to contact your family, employer, or social media contacts
- Generic mass-mailing language that could apply to anyone, not specific details about you
- No option given to verify the claim through the actual subscription provider
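The red flags above can be combined into a simple mail-filter heuristic. The Python below is an added example, not part of the original advisory: the regex wording, the flag names and both sample messages are constructed assumptions. It marks a message as likely extortion only when a payment demand appears together with a deadline or an exposure threat, so an ordinary breach notice is not flagged.

```python
import re
from email import message_from_string, policy

# One heuristic pattern per red flag (assumed wording; tune for your own mail flow).
FLAGS = {
    "quoted_password": re.compile(r"\bpassword\b[^.\n]{0,40}?\b(?:is|was)\b\s*:?\s*\S+", re.I),
    "deadline": re.compile(r"\b(?:within|in|you have)\s+\d{1,3}\s*(?:hours?|hrs?|days?)\b", re.I),
    "crypto_payment": re.compile(r"\b(?:bitcoin|btc|ethereum|monero|crypto(?:currency)?)\b", re.I),
    "exposure_threat": re.compile(
        r"\b(?:send|forward|share|expose|publish)\b[^.\n]{0,60}"
        r"\b(?:contacts?|family|employer|colleagues|friends)\b", re.I),
}
# Shape of a Bitcoin address (legacy Base58 or bech32); shape only, no checksum validation.
WALLET = re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b")

def score_email(raw: str) -> dict:
    """Return the red flags found in the subject and plain-text body of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{part.get_content() if part else ''}"
    flags = sorted(name for name, rx in FLAGS.items() if rx.search(text))
    wallets = WALLET.findall(text)
    if wallets:
        flags.append("wallet_address")
    payment = "crypto_payment" in flags or bool(wallets)
    pressure = "deadline" in flags or "exposure_threat" in flags
    return {"flags": flags, "wallets": wallets, "likely_extortion": payment and pressure}

# Constructed sample messages (not real emails; the wallet string is a placeholder).
SCAM = """\
From: sender@example.invalid
Subject: Your account was in the leaked database

Your old password was hunter2 and I have your billing records.
Pay $900 in Bitcoin to 1ConstructedDemoAddressXXXXXXXXXX within 48 hours
or I will send everything to your family and employer.
"""
BENIGN = """\
From: security@provider.example.invalid
Subject: Notice of data breach affecting your account

We detected unauthorised access to a database of customer records.
Please sign in through our website and change your password.
We will never ask you for payment.
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(name, score_email(raw))
```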
How to protect yourself
- Do not reply to or pay the sender under any circumstances
- Check whether the referenced old password appears in known public breach databases rather than assuming it came from a live hack
- Change any password that was reused across multiple accounts and enable two-factor authentication
- Do not click any links or open attachments in the email
- Report the email as phishing through your email provider's built-in tool
- Search the exact wording of the email online, since these templates are usually reused across many victims
How to report it
- Use your email provider's 'Report phishing' or 'Report spam' button so the message is flagged and filtered
- Forward the email to your national anti-phishing reporting address if one exists in your country
- Report the cryptocurrency wallet address to blockchain analysis or scam-tracking sites if payment was requested
- File a report with your local consumer protection or cybercrime agency if you paid or lost money
Frequently asked questions
How did the scammer get my real old password?
Almost always from a public data breach unrelated to any hack of your device. Breached credential lists are bought and sold in bulk, and scammers mass-email the same threat to every address on them.
Should I reply to prove the claim is false?
No, replying only confirms your email address is active and monitored, which can lead to more targeted scam attempts.