Brand New Tube, an alternative video-sharing platform, has 347,388 records indexed by leaksear.ch from a breach dated August 14, 2022, exposing account identifiers, IP addresses, personal profile data and unsalted SHA-1 password hashes (leaksear.ch metadata). Have I Been Pwned lists the same incident as an August 2022 breach affecting almost 350,000 subscribers (haveibeenpwned.com).
What happened
Have I Been Pwned reports that Brand New Tube suffered a data breach in August 2022 and that exposed data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages (haveibeenpwned.com). leaksear.ch metadata places the breached date on August 14, 2022 and the index date on June 16, 2026 (leaksear.ch metadata).
The HIBP breach entry reports the incident and compromised data classes, but it does not identify an intrusion method such as ransomware, scraping, a third-party compromise, or a misconfigured database. The leaksear.ch metadata also does not identify a compromise vector, so the method of compromise should be treated as unconfirmed (leaksear.ch metadata).
What data was exposed
According to leaksear.ch indexing metadata, searchable pivots in this source include address, email address, hashed password, IP address, name, phone and username (leaksear.ch metadata). The records also carry non-searchable account context such as profile data, account status flags, age and gender fields, avatar and cover fields, country and language fields, device and push-notification token fields, donation PayPal email, social profile fields, registration and last-active timestamps, two-factor and verification flags, wallet and monetization-related fields, and upload/account limits (leaksear.ch metadata).
Have I Been Pwned additionally lists private messages as a compromised data class for the breach (haveibeenpwned.com).
Why this matters
The combination of email addresses, usernames, names, phone and address fields, IP addresses and profile metadata gives attackers enough context for targeted phishing or account-recovery scams against people who used the service. The password hashes are also material: OWASP advises that SHA-1 is a legacy, less secure algorithm for password storage, and that fast hashes make large-scale guessing cheaper when password hashing best practices are not followed (cheatsheetseries.owasp.org). Users who reused their Brand New Tube password should change it everywhere it was reused and enable two-factor authentication where possible. If you used Brand New Tube, use the check below to see whether your data appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, email, hashed password, ip address, name, phone, and username.