BreachForums v1: Explosive Data Leak Unveils Members’ Confidential Information on Hacking Forum

Imagine this: a notorious hacking forum’s user data gets leaked, exposing the identities of those who trade and sell stolen information. This is exactly what happened with the BreachForums v1 from 2022, providing valuable insight into its users for both cybercriminals and security researchers.

For those who may not know, there have been multiple forums operating under the name BreachForums. These online communities serve as gathering places for hackers and data thieves to exchange and sell data stolen from various companies. It’s like a black market for stolen information.

The first forum to gain notoriety was RaidForums, which was eventually seized by the FBI in 2022. To fill the void, a cybercriminal known as Pompompurin launched BreachForums (aka Breached). This forum quickly gained popularity, with its users leaking massive amounts of stolen data, including information from the U.S. Congress’ healthcare provider D.C. Health Link, RobinHood, and Twitter.

However, the party didn’t last long. The FBI arrested Pompompurin, whose real name is Conor Fitzpatrick, in March 2023 after the D.C. Health Link data leak. Since then, multiple versions of the forum have been created and seized by law enforcement. The latest version, launched by a hacker called ShinyHunters, is still operational today.

Now, let’s talk about the recent data leak involving BreachForums 1.0, the original site created by Fitzpatrick in 2022 and later seized by the FBI in 2024.

Unmasking the Hackers: BreachForums 1.0 Data Leaked

Last week, a notorious threat actor named Emo leaked the personal information of 212,414 members of BreachForums 1.0.

Emo claims that the data came directly from Fitzpatrick, who allegedly tried to sell it for $4,000 in June 2023 while out on bail. According to Emo, three other threat actors eventually purchased the data.

Fitzpatrick was arrested again in January 2024 for violating the terms of his pretrial release conditions, which included using an unmonitored computer and a VPN. It’s unclear if this was related to his attempted sale of the BreachForums data.

In an interesting twist, someone going by the name ‘breached_db_person’ attempted to sell the forum database for a whopping $100,000 – $150,000 on a hacking forum in July 2023.

The seller also shared the data with Troy Hunt, who confirmed it contained the same information leaked by Emo and other database records. Hunt added the information to the Have I Been Pwned data breach notification service.

Emo informed us that the leaked data comes from a November 2022 BreachForums database backup, which was the last one uploaded to Fitzpatrick’s MEGA account.

The leaked data includes forum members’ user IDs, login names, email addresses, registration IP addresses, and the last used IP addresses when visiting the site.

After analyzing the database, we confirmed that it contains accurate information of many researchers who had accounts on the original BreachForums. The data appears to be a manual export, as it’s not in the typical MyBB forum database format but rather exported as tab-separated values.

While it’s likely that law enforcement already has this database after seizing the forum, the leaked data could still prove useful for security researchers looking to build profiles of cybercriminals.

By examining the leaked email addresses and IP addresses, researchers and law enforcement can potentially link BreachForums members to other sites, their geographic locations, and even their real names. It’s worth noting that the RaidForums database, containing data of 478,000 members, was also leaked online in May 2023.

So, what does this all mean for you? The world of cybersecurity is a complex and ever-evolving landscape. Staying informed and vigilant is crucial in today’s digital age. Keep coming back to learn more about the latest developments in cybersecurity and how to protect yourself and your organization from potential threats.