BreachForums, a popular hacking forum where users can sell, leak, or share stolen data or information, was seized this week by the FBI, DOJ, and international partners. Because none of the governments have issued any press releases or statements yet, there is much that has yet to be confirmed or disconfirmed, but on Wednesday, a splash screen appeared.
The image said “We are reviewing this site’s backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us: t.me/fbi_breachforums, breachforums@fbi.gov, breachforums.ic3.gov”
The splash screen also showed the avatars of the forum administrator (“Baphomet”) and forum owner (“ShinyHunters”) with the two appearing behind bars. ShinyHunters would later announce that Baphomet had been arrested and his Telegram channel and the forum’s Telegram chat channel had been taken over by the FBI.
Recovered?
By the next morning, the government splash screen had been replaced with an “under maintenance” note and a pointer to a new Telegram chat channel for the forum. The FBI remained in control of other Telegram channels, but ShinyHunters’ account had not been seized and he reported that he had regained control of the forum’s domain and backup.
Without any statement from the government, the situation remains somewhat confusing.
What next?
This is not the first time an incarnation of this forum has been seized. The original forum, RaidForums, was seized in 2022. The owner, known as “omnipotent,” was arrested in the UK and is still awaiting a decision as to whether he will be extradited to the U.S. After RaidForums was seized, one of the users, “Pompompurin,” opened the first BreachForums. He was arrested in March 2023, and that forum was seized in June 2023. The administrator, “Baphomet,” took over and, with well-known threat actor “ShinyHunters,” opened the second version of BreachForums.
Will there be a third version? Probably. But if the new forum admins are smart, they might want to avoid sensitive government data leaks that are likely to get them seized.