Subscription Leak Threat Scam
A scammer claims to have obtained a victim's private subscription or purchase history on an embarrassing or sensitive platform and threatens to expose the list to contacts, family, or employers unless paid.
Last reviewed: 5 July 2026
What this scam is
The subscription leak threat scam is a form of extortion that targets the fear of having a private subscription or purchase history — often related to adult content, dating services, or other platforms carrying social stigma — revealed to contacts, family, or an employer. It can arise from a genuine data breach at the subscription platform, in which case the scammer holds real account data, or it can be an entirely bluffed mass campaign sent to email addresses with no actual connection to the named service.
Because many platforms in this category are ones people are reluctant to discuss even when accused falsely, the scam is effective at scale: even recipients with no account on the named platform may briefly panic, and those who do have an account face a more serious, credible-sounding threat.
How it works
In breach-based cases, criminals obtain a leaked customer database from a subscription or membership platform — sometimes purchased on dark-web forums — containing email addresses, partial payment details, or account activity. They then contact affected customers directly, citing specific account details to prove access, and demand payment to prevent the data being sent to the customer's contacts or published in a searchable leak database.
In bluff-based cases, scammers send the same threat template to large batches of email addresses with no actual breach data behind it, relying on the fact that a genuine breach of a stigmatised platform did occur at some point and that some percentage of recipients will have an account there and panic without demanding real proof.
In both cases, the message pressures the victim with a short deadline and a demand for cryptocurrency payment, framing it as the only way to prevent the subscription history reaching contacts, family, or an employer.
Why this scam works
The scam exploits both the social stigma attached to certain subscription categories and the widespread, accurate knowledge that data breaches at such platforms have genuinely occurred in the past, which lends credibility to even a fabricated threat. Victims fear judgment from family or professional consequences from an employer far more than they fear the modest cost of the demanded payment.
The combination of shame and a plausible-sounding technical basis — 'your data was found in a breach' — discourages the sceptical, verification-focused thinking that would otherwise expose a bluff.
A typical pattern
The victim receives a message claiming that the sender has obtained records of their subscriptions or purchases on a platform the victim would prefer to keep private — an adult content subscription service, a dating platform, or a niche paid community — either through a genuine data breach of that platform or through a bluffed claim of access. The message lists a plausible-sounding detail, such as the name of the platform or an approximate signup date, to add credibility, then threatens to send the full purchase or subscription history to the victim's email contacts, family members, or employer unless a payment is made within a short deadline. In many cases the scammer has purchased a batch of email addresses from an unrelated breach and is simply guessing that a percentage of recipients hold an account on the named platform, sending the same threat to a large number of people regardless of whether they have ever used the service.
Common red flags
- Threat cites only the name of a platform with no specific, verifiable account detail
- Message is generic and could apply to any recipient regardless of actual subscription history
- Demand for cryptocurrency payment with a short deadline
- Threat to contact your employer or family specifically
- No option offered to verify the claim through the platform itself
- Same or near-identical wording reported by unrelated recipients online
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
"Your account on [PLATFORM] was part of a data breach. I have your full subscription and purchase history. Pay [AMOUNT] in Bitcoin within 48 hours or it goes to your contacts."
"We found your email linked to a private membership site. Full billing history ready to send to your employer unless you pay [AMOUNT] today."
"This is your only warning. Your subscription records will be published in a searchable database unless payment is received by [DEADLINE]."
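The red flags listed above can be turned into a first-pass triage check, shown here against the three sanitized messages. This is an added example, not part of the original page; the regex patterns, function names and the constructed variant message are assumptions made for illustration.

```python
import re

# Patterns for the red flags listed on this page (heuristics assumed for this example).
FLAGS = {
    "payment_demand": re.compile(r"\b(pay|payment)\b", re.I),
    "crypto_payment": re.compile(r"\b(bitcoin|btc|cryptocurrency|crypto)\b", re.I),
    "short_deadline": re.compile(r"\bwithin \d+ (hours?|days?)\b|\btoday\b|\bonly warning\b", re.I),
    "exposure_threat": re.compile(r"\b(contacts|family|employer|published)\b", re.I),
}
# Evidence of specific, verifiable detail (masked card number, ISO date, order number).
SPECIFIC = re.compile(r"[*x]{4,}[ -]?\d{4}\b|\b\d{4}-\d{2}-\d{2}\b|\border #?\d{4,}\b", re.I)

def red_flags(message):
    """Return the sorted list of red flags a message body triggers."""
    hits = [name for name, rx in FLAGS.items() if rx.search(message)]
    if not SPECIFIC.search(message):
        hits.append("no_specific_detail")  # only a platform name, nothing checkable
    return sorted(hits)

def shingles(message, k=3):
    """Word k-grams after masking numbers and [PLACEHOLDER] fields."""
    text = re.sub(r"\[[^\]]+\]|\d+", "#", message.lower())
    words = re.findall(r"[a-z#]+", text)
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def similarity(a, b):
    """Jaccard similarity of two messages' shingle sets (1.0 = same template)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0

# The three sanitized messages from this page, plus a constructed variant of the first.
SAMPLES = [
    "Your account on [PLATFORM] was part of a data breach. I have your full subscription and purchase history. Pay [AMOUNT] in Bitcoin within 48 hours or it goes to your contacts.",
    "We found your email linked to a private membership site. Full billing history ready to send to your employer unless you pay [AMOUNT] today.",
    "This is your only warning. Your subscription records will be published in a searchable database unless payment is received by [DEADLINE].",
]
VARIANT = SAMPLES[0].replace("[AMOUNT]", "$900").replace("48 hours", "24 hours")

if __name__ == "__main__":
    for msg in SAMPLES:
        print(red_flags(msg))
    print("template match with variant:", similarity(SAMPLES[0], VARIANT))
```

A message that does carry a masked card number or dated record drops the `no_specific_detail` flag, which points toward the partial-proof or genuine-breach variants and calls for checking with the platform itself rather than trusting the sender.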
Common variations
- Genuine-breach variant: scammer holds real leaked account data from a confirmed platform breach
- Blind-bluff variant: scammer has no real data and sends the same threat to a large batch of unrelated email addresses
- Partial-proof variant: scammer shows a partial account detail, such as a masked payment card number, to appear credible
- Employer-targeting variant: threat specifically names the victim's workplace as the intended recipient of the exposure
- Escalating-installment variant: an initial smaller payment is demanded with the threat of a larger, more damaging release if ignored
How to verify before you act
Check whether the platform named in the threat has a publicly confirmed data breach, and if so, whether your specific account was listed as affected — breach-notification services can sometimes confirm this. If the scammer cannot produce specific, verifiable detail beyond the platform's name, the threat is very likely a mass-sent bluff.
If you do not have or have never had an account on the named platform, the message is certainly a bluff sent indiscriminately, and can be safely ignored and reported.
Payment methods used
- Cryptocurrency
- Bank/wire transfer
- Gift cards
- Money transfer services
- Payment apps to 'friends & family'
Who is usually targeted
- Users of adult content or dating subscription platforms
- Customers of platforms that have suffered a publicised data breach
- General public recipients of mass-scraped or breached email lists
What to do immediately
- Do not pay or respond to the sender
- Check whether the named platform has a confirmed breach and whether your account was affected
- Change your password and enable two-factor authentication on the named account if it exists
- Search the exact wording of the message online to check for other reports
- Report the message to your national fraud reporting body
- Consider using a dedicated email address for sensitive subscriptions going forward
How to prevent it
- Use a dedicated email address for sensitive or stigmatised subscription services, separate from your main personal or work email
- Enable two-factor authentication on subscription and membership accounts where available
- Check your email address against breach-notification services periodically
- Do not reuse passwords across subscription platforms and other accounts
- Treat any threat citing only a platform name, with no verifiable specific detail, as a likely mass-sent bluff
- Avoid paying — payment does not reliably prevent further demands and confirms the address is being monitored
Evidence to preserve
- Full copy of the threatening message including headers
- Any account or payment details cited as proof
- Payment address or method requested
- Date and time the message was received
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — use the number on the back of your card or in your banking app, never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How do I know if this threat is based on a real breach or a bluff?
Check whether the named platform has a publicly confirmed data breach and whether specific, verifiable detail is provided beyond the platform's name. A message with no specific proof, sent to an address with no actual account on that platform, is a bluff.
Should I pay to avoid the risk, even if I'm not sure it's real?
No. Paying does not reliably stop further demands and confirms your email is actively monitored, inviting repeat targeting.
What if I really do have an account and the details seem accurate?
Change your password immediately, enable two-factor authentication, and report the extortion attempt rather than paying. The advice against paying extortion demands applies equally to genuine breach victims.