FBI Shuts Down BreachForums: A Notorious Hacking Platform for Leaking Stolen Data
The FBI has seized BreachForums, a popular hacking forum used to leak stolen data. The marketplace had over 12,000 members and frequently shared breached databases, taking advantage of victims’ personal information. The crackdown highlights the US government’s continued efforts to dismantle cybercriminal networks and protect user privacy.
Not too long ago, the FBI seized the infamous BreachForums hacking forum, notorious for leaking and selling stolen corporate data to other cybercriminals.
This seizure happened shortly after the site was used to leak data stolen from a Europol law enforcement portal. Now, the website displays a message stating that the FBI has taken control of it and its backend data, indicating that law enforcement seized both the site’s servers and domains.
“This website has been taken down by the FBI and DOJ with assistance from international partners,” reads the seizure message.
And it continues, “We are reviewing this site’s backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us.”
The message also shows the forum profile pictures of the site’s administrators, Baphomet and ShinyHunters, overlaid with prison bars. If law enforcement has indeed gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be used in law enforcement investigations.
The FBI also seized the site’s Telegram channel and other channels owned by Baphomet, with law enforcement sending messages stating it is under their control. In a Telegram message, the threat actor known as IntelBroker claims that Baphomet was arrested in the law enforcement operation.
The FBI is asking victims and other individuals with information about the hacking forum and its members to contact the agency to aid its investigation. The seizure messages include ways to contact the FBI about the seizure, such as email, a Telegram account, a TOX account, and a dedicated page hosted on the FBI’s Internet Crime Complaint Center (IC3).
The notorious BreachForums
BreachForums was the successor of a string of hacking forums used to trade, sell, and leak stolen data, as well as sell access to corporate networks and other illegal cybercrime services.
The first of these sites was known as RaidForums, which initially launched in 2015 and became the largest site for distributing stolen data, commonly used by ransomware and extortion groups. The site was eventually seized by law enforcement, with the police arresting the owner known as “Omnipotent”.
Soon after, one of its more active members, Pompompurin, created a new forum called ‘Breached’ to fill the void left behind by RaidForums. The site quickly grew in popularity and was used by thousands of members to brag about their cybercrime activities and to leak and sell stolen data. However, the site drew law enforcement’s attention after one of its members, IntelBroker, leaked the stolen data of D.C. Health Link, a healthcare provider for U.S. House members, their staff, and their families.
Not too long after, Breached was seized by law enforcement, and its admin, Conor Fitzpatrick (aka Pompompurin), was arrested. Once again, those in this cybercrime community were left without a home, so one of Breached’s previous admins, known as Baphomet, teamed with ShinyHunters, a notorious seller of stolen data, to launch a new site named BreachForums.
Like the other sites, BreachForums quickly became popular, with stolen corporate data being leaked from new breaches, including those on AT&T, 23andMe, Hewlett Packard Enterprise, Home Depot, Dell, PandaBuy, and The Post Millennial.
Today’s seizure message indicates that law enforcement has had access to the site’s servers, potentially for a long time, as they monitored threat actors’ activities. However, the breach that went too far may have been the recent leak of data stolen from Europol’s Platform for Experts (EPE) portal by a threat actor known as IntelBroker, forcing law enforcement to take action.
What you can do
As the world of cybersecurity continues to evolve, it’s crucial to stay informed and vigilant. By understanding the risks and staying up-to-date with the latest news and developments, you can better protect yourself and your organization from cyber threats.