
ShinyHunters and IntelBroker have been busted, but BreachForums might be resurrecting anyway.
Cybernews has received an email claiming that the notorious hacker marketplace – BreachForums – is once again going to be reestablished, starting July 1st.
BreachForums suddenly went dark in mid-April, prompting a flurry of speculation across dark web forums and Telegram channels. Some suspected law enforcement action. Others pointed fingers at rival hackers. A hacktivist group called Dark Storm even claimed responsibility, without any proof.

On April 28th, ShinyHunters re-emerged briefly to post a PGP-signed statement on the site’s front end, blaming a MyBB zero-day vulnerability and alleging that government agencies had tried to access the site’s database.
BreachedForums briefly reappeared at the beginning of June with a new domain, “breach-forums.st,” with ShinyHunters supposedly claiming that the forum was growing and gaining a lot of traction.
“I want to clarify that no member of our team has been arrested,” wrote ShinyHunters at the time. At the time of publication, the website under this domain is unreachable.

Despite the claims, reports from French authorities have confirmed speculations about the arrest. They reportedly bagged five alleged BreachForum operators in a coordinated sweep. Among those cuffed were four notorious hackers who go by the online aliases “ShinyHunters,” “Hollow,” “Noct,” and “Depressed.”
US prosecutors have charged a British national, Kai West, with data theft and related cybercrime offences, and are seeking to extradite the alleged hacker from France, the US Justice Department said.
Under the digital identity ShinyHunters, he is believed to have operated BreachForums since the 2023 arrest of its previous administrator, Pompompurin. ShinyHunters have previously listed stolen data from Santander, AT&T, and Ticketmaster.
For months, rumors circulated that another well-known threat actor, "IntelBroker," had also been arrested in February by French authorities.
Known for multiple high-profile breaches and data leaks, in 2024, IntelBroker claimed attacks on Tesla, Apple, AMD, and before that, HomeDepot, General Electric, PandaBuy, the US Citizenship and Immigration Services (USCIS), and Facebook Marketplace.
“ShinyHunters and IntelBroker have been arrested. With them, the servers and database were seized, and they are now in the hands of US and French authorities,” reads the email that Cybernews received.
The email also claimed that the rumour about the MyBB zero-day vulnerability was “disinformation.”
“ShinyHunters posted it to buy time, hoping IntelBroker would return and restore the forum,”
writes a threat actor presenting themselves as Jaw.
The threat actor urged the forum users not to reuse old usernames or identities for security reasons.
Your email address will not be published. Required fields are markedmarked