
The latest incarnation of BreachForums has met the fate of its predecessors, ending up in the hands of law enforcement authorities.
BreachForums, a popular data leak forum attackers use to share stolen data, has been seized by law enforcement. The website’s users are now greeted with a seizure notification.
“This website has been taken down by the FBI and DOJ with assistance from international partners,” reads the notice.
The FBI’s notice also claims that law enforcement had access to the website’s backend data, which the authorities are supposedly reviewing. A Telegram channel that was used for communications also appears to have been seized by the FBI.
The FBI has launched a website for victims whose data ended up on BreachForums. According to the website’s description, the version of the website that was seized operated from June 2023 until May 2024.
BreachForums has suffered multiple blows recently from both authorities and rivals. In March 2023, federal agents arrested Conor Brian Fitzpatrick, known as Pompompurin, a suspected former curator of the forum.
Then, the forum went offline but was later revived by the current admin, Baphomet. The hacker repository vx-underground announced that a notorious hacker gang, ShinyHunters, took over the site on June 2nd, 2023. Then, the new BreachForums site got hacked, and its user database was stolen and published. Baphomet might have been arrested on Wednesday, too.
The natural question now, says Michael McPherson, senior vice president of security operations at ReliaQuest, is what happens next.
“With the likely seizure of servers and domains associated with the forum, law enforcement will have significant intelligence opportunities,” said McPherson, an ex-FBI agent.
“While details are sparse at this time, users of the site will likely have significant concerns over their own operational safety, with the FBI likely in possession of material that could be used to provide attribution of members.”
According to McPherson, it certainly is possible for the ShinyHunters group to attempt to restore the forum – but there will naturally be suspicions over law enforcement compromise.
“This was a sentiment observed on many cybercriminal sites in the aftermath of law enforcement operations targeting ransomware groups, including LockBit. Other sites established to act as a successor to BreachForums will also face this scrutiny from potential members, over risks that the sites are being used as honeypots,” said McPherson.
Your email address will not be published. Required fields are markedmarked