nice1

(August 14, 2022, 06:25 PM)Fuckery Wrote:

Hello BreachForums Community,
Today I have uploaded the BrandNewTube (2022) Database for you to download, thanks for reading and enjoy!

Image unavailable

In approximately August 2022, the Alt-Right Video sharing platform BrandNewTube suffered a data breach that impacted 347k members. The breach included Email addresses, Private messages, Videos posted, Comments, IP Addresses, Genders, Usernames and Passwords stored as SHA-1 hashes. Due to BrandNewTube using an outdated hashing method, it allowed many passwords to be rapidly cracked. The breach occurred because of a 2 year old vulnerability, which was the same way it was hacked back in 2020. The website was breached by the same threat actor in both instances, @thrax.

Compromised data: Email addresses, Private messages, Videos posted, Comments, IP Addresses, Genders, Usernames, Passwords

ContentsSpoiler

The .7z File's MD5 Hash is 7C7571320382AA65DEEFADFE8F89C44C. In total, there are 347550 records.

The download for this Thread is free.
https://cdn.breached.to/share/BrandNewTube2022_BF.7z

Database Index <> How To Get Credits

intersting lol

Hey got telegram?

I attach My Media World Limited's most recent accounts. That is the company that owns and operates Brand New Tube. TLDR 300K in debt and negligible cash reserves.

CC @thrax and @fuckery .

We have found out some valuable information regarding BrandNewTube. We wouldn't have bothered at this point, if your incredibly childish company didn't continue to literally call us pedophiles because we hacked your shitty site.

We recently found out that BrandNewTube has been retaining identification cards on their CDN that were used for account verification requests. These images date back to mid-2020, as early as June from our quick search.

We recommend that BrandNewTube read Article 5(1)(e) of the UK GDPR: https://www.legislation.gov.uk/eur/2016/679/article/5

Personal data shall be:
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

Once you've verified the individual's identity, simply put, you don't need the ID card anymore. And we all know random people's identity cards stored by a video site don't fit under any of those exception categories.

So, would BNT care to explain their shameless breaking of UK law? Would they like to tell us why they store such personal information as people's *personal identity cards* illegally?

I hope many people weren't stupid enough to submit their passports and ID cards to a site such as BNT, and if they were... Well, that's very unfortunate for you.

If people don't believe us, we will send a link, directly from BNT's CDN, that contains a drivers license from the state of California in the US. We have already forwarded the link to @DedSonia, but will not hesitate to send it to other individuals as well to prove our point.

Thanks @fuckery and @thrax. I have just shared the evidence with some interested journalists and political enemies of Brand New Tube.

It is past midnight now, but knowing those people things will start happening around 9am UK time.

Looks like some platform promotion company has gotten a hold of this breach and started recommending two other shitty sites via email; OurTube and UGETube. Whoever you are, you're retarded.

Matthew Hopkins News has started talking about BrandNewTube's recent breach of many identities:

http://matthewhopkinsnews.com/?p=8559

Important quotes:
"There are thousands of ID documents. Anyone who has ever monetised at BNT as far as we can tell. All available online without so much as a password prompt."
"based on information MHN received from a whistle-blower last night, BNT’s disclosures on the scale of its security problems and the recent hack are seriously incomplete. Right now, if you have ever uploaded an identity document to BNT for monetisation, it is likely available online."
And probably many more, but we just briefly skimmed the article. I'd recommend reading the whole thing.

We applaud MHN for their incredible reporting on BNT and their willingness to work with us. Keep on doing what you do.

It's all a conspiracy! We're totally coming back online any day now! We have jew gold investment in our shitty alt-shite video platform! :kappa:

I'm also here due to the email. Thanks @thrax and @Fuckery for doing that; I can't even imagine the amount of time it must have taken. I only just saw my email as it went straight to spam, which I rarely check. I think I signed up shortly after they started only to wind up disappointed as it wasn't quite what it was advertised to me. Sounds like the owners of BNT are pretty much shite as well!

Thanks again for the head's up!

ETA: Also, I'm trying to figure out how to view the SQL files but nothing I'm trying is working. Is there a program that this board recommends for viewing them?