You literally could not make it up. Last month the troubled video sharing site BrandNewTube.com (BNT) was hacked. As a result of the hack it emerged that Brand New tube had been retaining customer identity documents such as driving licenses since 2020 and publishing them online with no security or password needed to view them. The documents were finally taken down by BNT earlier this week. Today, I have been tipped off that with Baldrick like incompetence, BNT have republished them. I was tipped off three times, once by a fellow blogger, once by a whistleblower, and finally by a lengthy and profane post on the hackers’ web-forum, which is open for the world to see. Regardless, it is true. They have actually done it. Brand New Tube, under its CEO Muhammad Butt, has republished the user driving licenses. The hackers have used a third party page freezing / escrow service archive.ph to freeze a record of the URLs. It is incontrovertible. I think the Information Commissioner needs to terminate their business.
A profane but informative post on the hackers’ forum. Offensive portions and some links redacted by MHN.
In his bizarre official statement yesterday, Muhammad Butt, Brand New Tube CEO, looked far greyer than he did only two years ago. Picture used for the purposes of criticism of the video. Also, are those pictures in the painting behind him meant to be content creators or stolen user driving licenses?
Is this the plot for a new Graham Linehan, yes him, episode of The IT Crowd by any chance? It would make a pearler.
So let’s get this straight, it now is apparent BNT had material that it shouldn’t have had beyond the purposes of the time of verification [as per UK law]. BNT retained that information in the form of pictures of Identity documents accessible from it’s own database. Those documents were online in a publicly accessible CDN for 2 years and some had been archived. Then the CDN is changed and they populate up the new CDN with EVERYTHING from the old one despite warnings about the content being on the old one.
Is that right?
If so then not only are they in likely in very deep trouble for the original publication but I would hazard an educated guess that the ICO will also treat the 2nd CDN as a republication of documents that BNT never should’ve published to a public location in the first place.
BNT have not said anything to the public about this though other than what now appears to be a blatant lie by Butt. Why lie? Does he think that people can’t prove their claims? Does he think there isn’t enough evidence? Is he really that arrogant?
It is now beyond any reasonable doubt, in my opinion, that BNT had those documents all along.
I would hope that BNT do have a criminal lawyer and a very good one because I suspect they’re going to need one.
There are all sorts of levels of breaches but identity documents is just about the worst for a company and especially when it’s coupled with what appears to be a full database leak.
Why didn’t Butt come clean on this? Why the excuses and posturing? Anyone who has lost money or access to other things via identity theft as a result of his incompetence, despite the very clear warnings, is ultimately going to fall on BNT’s head?
The ICO and POLICE do have to shut BNT down, I agree, even if only temporarily and prevent Butt from posturing and exaggerating/making excuses to the public. He’s actually fatally damaging his own reputation and BNT brand, in my opinion by openly appearing to lie to the public. The BNT brand is already sullied by the hack, Butt has, my his own posturing etc, made it much worse a situation than it could’ve been in my opinion. If he thinks that making wild and unfounded allegations unrelated to the hack is going to fix the problems then he’s more deluded than I originally thought.
Please keep reporting on events, Sam, this actually needs much more exposure so that individuals who gave ID documents who may not even be on BNT anymore know about it.
p.s. as far as I can see this all has nothing to do with Sonia Poulton’s broadcasts and everything to do with BNT’s poor choices regarding IT.
Hope you’ve seen the latest Sam. Butt is now offering £20k “reward” for capture AND jailing of “the hacker”. Is Butt trying to be judge, jury and executioner? Isn’t it up to the police to progress anyway?
Smacks of sheer desperation on his part imo.
All rather creepy and the BNT tweet re “plot” this morning could be interpreted in other ways too.
[REDACTED for legal reasons, MHN]
If Butt has £20k to throw around in reward money then why wasn’t the security on BNT so much better?
I’d suggest, based on what is already obvious, that this is yet another desperate bluff on his part.
To be honest, Simon, Brand New Tube are allowed to fight back. I only hope they have spent so much money on upgrading their security.
Yes of course they are Sam, no one would say any different, the problem in my view is the nature of the posturing etc whilst investigations by authorities supposedly continue. It simply doesn’t give the right impression …
If the hackers are identified and dealt with by the authorities that is all well and good, kudos to the authorities for doing so as the hack was clearly illegal and Butt has every reason to be pissed off with them. However, they have highlighted a major set of holes in BNT’s security which could’ve been avoided had Butt taken previous warnings more seriously and not gone on another offensive after the original hack. We both know what happened there with threats from his lawyers based on wrong assumptions etc.
What concerns me is because of the aggressive nature of what has been said and hinted at, that even if caught the hackers would likely have a form of defence given the way BNT have described them in emails etc and it doesn’t appear to be being approached in a professional quiet patient manner that is supposedly being claimed.
It seems more soap opera than technical issues and Butt doesn’t seem to like people being critical of his behaviour etc whilst seemingly not really still appreciating what has actually been said. He denied earlier in the week being in possession of documents, that has clearly been proven to be false, whether he asked for them personally is not the issue and he needs to understand that and investigate his data better.
I still hope the ICO are making sure that any new version of BNT is much more secure than the previous version, which may of course turn out to simply be another off the shelf template with similar issues attached or an update to the existing one.
Only my opinions though.
To be fair to Butt, that was uncharacteristically moderate.
Moderate maybe, inciting others to speculate on identities and potentially land innocent people in trouble? Not so moderate imo. But his choice as long as he understands that pointing fingers in the wrong direction with criminal allegations would likely land him in trouble with the police especially after his previous OTT reactions to innocent individuals merely reporting on the issues.
I actually think that latest Rise video was more-or-less in bounds for once.
[Deleted by agreement of the poster pursuant to a complaint under s5 Defamation Act 2013]