BreachForums down, cyber defenders claim it was their doing


BreachForums, the notorious cybercriminal marketplace that’s used for trading, leaking, and selling stolen data, is now offline, showing a persistent “502 Bad Gateway” error on both its clearnet and onion versions. What happened?

BreachForums has, of course, survived multiple FBI seizures since 2022, hopping domains each time.

It remains to be seen whether the cybercriminal forum will once again bounce back after its latest incarnation, breachforums[.]as, was knocked offline over the weekend.


But the Cyber Counter-Intelligence Threat Investigation Consortium (CCITIC), a non-profit organization that investigates cyber threats to assist authorities, claims it was they who struck BreachForums, and that it could be the final blow to the marketplace.

In a LinkedIn post, CCITIC said this wasn’t a bug but a takedown. The organization said it managed to identify the upstream servers behind BreachForums, all hosted in a DigitalOcean data center in Frankfurt.

CCITIC then filed multiple abuse reports, and DigitalOcean, a US cloud service provider, “pulled the plug” on the servers.

“And this is not a one-off. In just 9 days, CCITIC had already secured 3 takedowns of the Lapsus$ website, before turning its sights on BreachForums. The pace is set,” said the organization.

“The ecosystem is fracturing, and trust among threat actors is collapsing. The key takeaway: you don’t need to be the FBI to take action. Rigorous OSINT work, backend server identification, a well-documented abuse report sent to the right hosting provider – and a cybercriminal forum goes down.”

BreachForums has repeatedly proven persistent, returning in one form or another. However, there has been plenty of drama on the dark web lately.


In January, for example, an individual using the moniker “James” published a database containing detailed information on 323,986 BreachForums users on a website seemingly named after the ShinyHunters extortion group.

The database included usernames, email addresses, IP addresses, registration dates, and other metadata that could help law enforcement agencies worldwide potentially identify and prosecute members of the notorious hacking community.

This particular BreachForums leak has fueled accusations of honeypots and insider betrayal, reinforcing a growing distrust of underground platforms and triggering rivalry between threat actors publicly playing out on Telegram and other channels.

