By Miklos Zoltan . 8 August 2022
Founder - Privacy Affairs
Personal data of close to 3 million BitChute users are being sold on a popular hacker forum for $4,000. The data is sold by a hacker or group of hackers known as Pompompurin.
The threat actor known as “Pompompurin” claims to possess personal data, including passwords, on a total of 2,988,494 BitChute.com users.
Pompompurin is willing to sell the whole database for $4,000.
Highlights:
- A hacker known as Pompompurin is selling the personal data – including passwords – of close to 3 million BitChute users
- Affected data includes usernames, full names, passwords, email addresses, websites, channel descriptions, registration, and latest IP address
- Pompompurin is the same hacker or group of hackers who are suspected to be behind the 2021 FBI hack
The hacker released a sample which, after being analyzed, suggests that the information and the leak are genuine.
Pompompurin did not disclose how they obtained this data.
Pompompurin is also suspected to be behind the November 2021 FBI data breach.
The breach affects a total of 2,988,494 users of the streaming platform BitChute.
The information includes usernames, full names, passwords, email addresses, websites, channel descriptions, registration, latest IP address, YouTube Channel ID, and date joined.
We have reached out to BitChute for comments on this alleged data breach.
Pompompurin is a hacker or group of hackers who, in the recent past, was responsible for a series of high-profile hacks and data breaches. They are usually active on various dark web forums.
In November 2022, hackers breached an FBI email server, sending out fake emails to over 100,000 recipients.
Pompompurin claimed responsibility for this attack in an interview given to security researcher Brian Krebs.
Pompompurin is also responsible for a 2021 high-profile data breach against the trading platform Robinhood.
In November 2021, the popular trading platform Robinhood was hacked. Robinhood released a statement acknowledging the hack and disclosing what type of data was affected.
On November 10, on a popular hacker forum, Pompompurin claimed that Robinhood’s statement was incomplete and the trading company didn’t disclose that ID card data was also affected in the hack.
This hinted that Pompompurin was also responsible for the Robinhood hack.
Contacted by Privacy Affairs, a Robinhood spokesperson confirmed that ID cards were indeed exposed but affected only a few individuals.
Robinhood's confirmation of this information indicates that Pompompurin’s claims on the hacker forum appear to be accurate and that he or they were behind the attack.
BitChute is an alt-tech video hosting service created in 2017. It is known for hosting controversial content, such as conspiracy theories and extremist political ideologies, that is usually banned on other platforms such as YouTube.
BitChute was also accused of hosting content classified as misinformation during the pandemic.
Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy, having worked with international teams for more than 10 years on projects involving penetration testing, network security and cryptography.
Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.
2 Comments
Melahi
August 28, 2022 4:05 pm
Why don’t platforms like Bitchute and BNT store and check passwords in encrypted form so that there is no reverse decryption? That would make it useless for hackers.
Miklos Zoltan
September 7, 2022 11:03 am
I guess many companies just don’t take security that seriously, unfortunately.