Here’s an unlikely security story: adult content creators, in their relentless war against pirated material, have become an accidental early-warning system for compromised government and university websites. A new analysis from cybersecurity firm UpGuard, shared with WIRED, lays out how millions of copyright complaints have collided with one of the internet’s oldest weak spots — insecure .gov and .edu domains.
The mechanics are grimly familiar. Scammers hijack official websites, exploiting weaknesses in their publishing systems to upload malicious pages and PDFs. Because these domains carry authoritative names, they rank high in Google search results. For years the bait was free movie downloads, iPhones, or Fortnite skins. Increasingly, the lure is the name of a popular OnlyFans creator paired with promises of a “biggest leak yet.” Click the link and you won’t find leaked photos — you’ll be redirected to scammy dating pages, malware, or advertising schemes designed to pay out to the fraudsters.
The numbers are striking. According to UpGuard’s Greg Pollock, more than 2,000 domains belonging to governments and educational institutions across 80 countries have received copyright takedown requests linked to adult creators over the past 15 years. Since 2011 there have been 384,286 takedown requests, covering 631,193 URLs, sent to government and education sites — the vast majority in the last few years. Google appears to have removed around 130,000 of those URLs, taking no action on roughly 460,000.
For context, that’s a rounding error against the more than 17.9 billion requests Google has fielded across over 6 million domains since 2011. But the concentration matters.
The twist is that the takedowns work — sort of. “Because there’s no real visibility of the asset outside of Google,” Pollock explains, removing the search result effectively neutralizes the scam. And monitoring for the names of well-known models could give understaffed security teams a signal that their infrastructure has been breached.
Creator Laura Lux, whose name has surfaced on compromised domains, takes it in stride. The source lists Bangladesh, Colombia, India, Nigeria, the US, and Peru among the countries where compromised sites have turned up. Told her copyright battle might be flagging breaches to sysadmins, she offers the perfect summary: “I guess sex workers save the world again.”