READ. SCROLL. LISTEN.

Original briefings. Zero spin.

Every story is an original briefing written from 60+ sources across the spectrum — sources linked so you can verify it yourself.

← Back to headlines

Scammers Hijacked 2,000+ Government and University Websites. OnlyFans Copyright Complaints Are Accidentally Exposing Them.

Scammers Hijacked 2,000+ Government and University Websites. OnlyFans Copyright Complaints Are Accidentally Exposing Them.
Criminals have been embedding malicious pages inside .gov and .edu domains across 80 countries, then using stolen adult creator content as bait. Adult content creators filing DMCA copyright complaints are inadvertently flagging the hacked sites to Google. The result: a cybersecurity side effect nobody planned.

The Hack Nobody Was Watching

For years, scammers have quietly compromised official government and university websites, then uploaded rogue pages stuffed with promises of free movies, porn, iPhones, and Fortnite skins. The goal is simple: authoritative .gov and .edu domains rank high in Google search results, making the malicious pages easier to find and harder to distrust.

The pages link to scams and malware downloads. Visitors think they're on a legitimate site. They're not.

According to cybersecurity firm UpGuard, more than 2,000 domains belonging to governments and educational institutions across 80 countries have received copyright takedown requests tied to adult content creators over the past 15 years. UpGuard shared its analysis with Wired.

The takedown requests are themselves evidence the sites were compromised. Scammers uploaded pages using the names and likenesses of real adult creators, particularly OnlyFans models, to lure traffic. The creators' copyright enforcement teams then filed Digital Millennium Copyright Act complaints against those pages, triggering Google to remove the URLs from search results.

The Unintended Cleanup Crew

Adult content creator Laura Lux has been publishing online for nearly two decades, primarily on OnlyFans. Like most creators on the platform, she has watched pirated versions of her content spread across the internet.

"It's an endless battle," Lux told Wired. "We do lose a lot of money just because the content is literally a Google search away a lot of the time."

To fight back, creators like Lux rely on DMCA enforcement services, companies that scan the web for stolen content and fire off takedown requests to Google. A successful DMCA request results in the infringing URL disappearing from search results.

None of that is unusual. What is unusual is where many of those infringing pages live: hacked government and university websites.

Greg Pollock, UpGuard's director of research, explained the dynamic plainly to Wired: "The OnlyFans models are not setting out to help government websites, but in order for them to police their copyright ownership, they wind up sending a lot of notices to Google about those sites."

In practical terms, every time a DMCA complaint successfully removes a rogue page from a .gov or .edu domain, it also eliminates a potential vector for malware and scam traffic. The creators are protecting their revenue. The public gets a side benefit they never asked for and probably don't know about.

The Scale of the Problem

UpGuard's research documents a "dramatic" increase in these hijackings since 2020, coinciding with the explosive growth of OnlyFans and the broader adult creator economy. The pattern is straightforward: as more creators gained larger audiences, scammers found greater commercial value in using their names as bait on compromised government pages.

The 2,000-plus affected domains span 80 countries. Government and university websites in multiple regions have been sitting compromised, serving malicious content to unsuspecting visitors, with limited evidence that the institutions themselves were aware or acting.

The Legitimate Concern About DMCA Scale

The strongest counterargument is worth stating directly: DMCA takedown requests are not always accurate, and mass automated filing has a documented history of sweeping up legitimate content. Critics of broad DMCA enforcement, including digital rights advocates, argue that automation makes it easy to wrongly deindex pages, including pages that are not actually infringing. In this specific context, a rogue page on a government domain using a creator's name without permission is genuinely infringing material. But the broader concern that DMCA automation creates collateral damage is real and has been litigated repeatedly. The unintended benefit documented here does not resolve those concerns about the system's accuracy in other contexts.

What the Institutions Are Actually Responsible For

The more uncomfortable question is why .gov and .edu sites are being compromised at this scale in the first place. Scammers do not upload malicious PDFs to government servers by accident. These are security failures: unpatched software, weak credentials, poor monitoring at institutions that taxpayers fund and that students pay tuition to attend.

UpGuard's research uses the volume of adult-content DMCA requests as a proxy for compromise, not a direct audit. That means the 2,000-domain figure almost certainly undercounts the real problem. Sites that scammers used for other bait content, fake movie downloads or gaming cheats, would not show up in copyright complaints filed by adult creators.

The full scope of government and university website hijacking is likely larger than any single dataset captures.

The Open Question

UpGuard's analysis effectively demonstrates that DMCA enforcement activity can serve as an early-warning system for website compromises at institutions that otherwise lack the security monitoring to detect intrusions themselves. Whether any government cybersecurity agency such as CISA in the United States will formally incorporate DMCA complaint patterns into its own threat-detection frameworks remains an open and unanswered question as of July 8, 2026.

Sources used for this briefing

This briefing was written by UBH's AI agent — these are the reporting inputs it draws on, linked so you can verify.

center-left
WiredOnlyFans Models Are Accidentally Making Hacked Government Websites Disappear
unknown
news.backboxOnlyFans Models Are Accidentally Making Hacked Government Websites Disappear
unknown
news.backboxCritical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection - BackBox News