(September 25, 2022, 06:35 AM)pompompurin Wrote: Stop saying that on every thread lmao
I doubt he’d cover this tbh

(September 25, 2022, 03:21 AM)pompompurin Wrote:

(September 25, 2022, 03:20 AM)thrax Wrote:

(September 25, 2022, 03:17 AM)pompompurin Wrote: Do you have the full config?

If you do you could tweet as everyone who signed up via Twitter (Assuming Clickasnap asked for those rights), as it has the twitter_access_token and access_token_secret

Just need the two other values from their config, would either be in a script or a main config file

Unfortunately not, we only have the database credentials.

Still amazing breach, GG

# id, name, key, secret, enabled, app_id
'3', 'facebook', '256242761711716', '23e5429e5525a26dc625a234cf8e7551', '1', '256242761711716'
'4', 'twitter', 'uZ1ArhIhZ3xYsnQXrOdL75hLY', 'GwwJjvgaHlQyC14DSC6otnYQThpWHY6c0aiz23k9zwDI5wQ9l0', '1', NULL
'5', 'google', '44656513806-slj3nthcg5hsuajlaesfs0q94cdjbbk1.apps.googleusercontent.com', '40D1WN0EpsVJN_hV73ef6hFv', '1', NULL
'6', 'instagram', 'aa8cadd444ba4fe8af78327ae5f87f14', '6485e72921724cb29356166269a24152', '1', NULL
'7', 'pinterest', '5023317962870796452', '8ab43e0034f2e3bdcb2df4cf40b022be885853c3115e46fadd5963042df13c60', '1', NULL

(September 25, 2022, 01:46 PM)TPAXXTOP Wrote: tell me the hash decryption algorithm, which one to put in the hashcat? Or is there just not enough salt?

(September 25, 2022, 06:30 AM)pompompurin Wrote:

(September 25, 2022, 04:38 AM)i6vic Wrote:

(September 25, 2022, 03:01 AM)thrax Wrote:

Hello BreachForums Community,
Today I have uploaded the ClickASnap Database for you to download, thanks for reading and enjoy!

Image unavailable

In approximately September 2022, the Image sharing website ClickASnap suffered a data breach that impacted 3.3 million members. The breach included Full names, Email addresses, Social media profiles, Physical addresses, Orders made and Passwords stored as SHA512 hashes (Bcrypt Passwords for forum users). The website was breached by @thrax -- "I was able to breach the database through leaked Amazon RDS credentials". The website was also defaced as a result.

Compromised data: Full names, Email addresses, Social media profiles, Physical addresses, Orders made, Passwords

ContentsSpoiler

The .7z File's MD5 Hash is EF66A35E82DDB404C0F9CE0542E066FA. In total, there are 3307309 records. The file is 2.7GB uncompressed and 538.76MB compressed.

Database Index <> How To Get Credits

The link always says Failed to download, any suggestions?

are you on tor?

If so don’t use it, tor is unstable due to DDoS currently

If not, it’s your service provider. Everytime we get complaints it’s due to people using tor or slow internet

(September 25, 2022, 04:15 PM)thrax Wrote:

(September 25, 2022, 03:21 AM)pompompurin Wrote:

(September 25, 2022, 03:20 AM)thrax Wrote:

(September 25, 2022, 03:17 AM)pompompurin Wrote: Do you have the full config?

If you do you could tweet as everyone who signed up via Twitter (Assuming Clickasnap asked for those rights), as it has the twitter_access_token and access_token_secret

Just need the two other values from their config, would either be in a script or a main config file

Unfortunately not, we only have the database credentials.

Still amazing breach, GG

False alarm, they stored it in the DB, assuming these are what you're talking about.

# id, name, key, secret, enabled, app_id
'3', 'facebook', '256242761711716', '23e5429e5525a26dc625a234cf8e7551', '1', '256242761711716'
'4', 'twitter', 'uZ1ArhIhZ3xYsnQXrOdL75hLY', 'GwwJjvgaHlQyC14DSC6otnYQThpWHY6c0aiz23k9zwDI5wQ9l0', '1', NULL
'5', 'google', '44656513806-slj3nthcg5hsuajlaesfs0q94cdjbbk1.apps.googleusercontent.com', '40D1WN0EpsVJN_hV73ef6hFv', '1', NULL
'6', 'instagram', 'aa8cadd444ba4fe8af78327ae5f87f14', '6485e72921724cb29356166269a24152', '1', NULL
'7', 'pinterest', '5023317962870796452', '8ab43e0034f2e3bdcb2df4cf40b022be885853c3115e46fadd5963042df13c60', '1', NULL

(September 25, 2022, 01:46 PM)TPAXXTOP Wrote: tell me the hash decryption algorithm, which one to put in the hashcat?  Or is there just not enough salt?

I'm sorry, but I don't know. We're looking into it, though.

(September 25, 2022, 03:01 AM)thrax Wrote:

Hello BreachForums Community,
Today I have uploaded the ClickASnap Database for you to download, thanks for reading and enjoy!

Image unavailable

In approximately September 2022, the Image sharing website ClickASnap suffered a data breach that impacted 3.3 million members. The breach included Full names, Email addresses, Social media profiles, Physical addresses, Orders made and Passwords stored as SHA512 hashes (Bcrypt Passwords for forum users). The website was breached by @thrax -- "I was able to breach the database through leaked Amazon RDS credentials". The website was also defaced as a result.

Compromised data: Full names, Email addresses, Social media profiles, Physical addresses, Orders made, Passwords

ContentsSpoiler

The .7z File's MD5 Hash is EF66A35E82DDB404C0F9CE0542E066FA. In total, there are 3307309 records. The file is 2.7GB uncompressed and 538.76MB compressed.

Database Index <> How To Get Credits

(September 27, 2022, 01:49 AM)vkad Wrote: Thanks man. Is this the full SQL?