FBI seizes BreachForums hacking forum used to leak stolen data

The FBI has seized the notorious BreachForums hacking forum that leaked and sold stolen corporate data to other cybercriminals.

The seizure occurred on Wednesday morning, soon after the site was used last week to leak data stolen from a Europol law enforcement portal.

The website is now displaying a message stating that the FBI has taken control over it and the backend data, indicating that law enforcement seized both the site’s servers and domains.

“This website has been taken down by the FBI and DOJ with assistance from international partners,” reads the seizure message.

“We are reviewing this site’s backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us,” continues the seizure banner.

The seizure message also shows the two forum profile pictures of the site’s administrators, Baphomet and ShinyHunters, overlaid with prison bars.

If law enforcement has gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be used in law enforcement investigations.

The FBI has also seized the site’s Telegram channel, with law enforcement sending messages stating it is under their control.

Seized BreachForums Telegram channel
Source: BleepingComputer

The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation.

The seizure messages include ways to contact the FBI about the seizure, including an email, a Telegram account, a TOX account, and a dedicated page hosted on the FBI’s Internet Crime Complaint Center (IC3).

“The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums,” reads a dedicated subdomain on the FBI’s IC3 portal.

“From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services.”

“Previously, a separate version of BreachForums (hosted at breached.vc/.to/.co and run by pompompurin) operated a similar hacking forum from March 2022 until March 2023. Raidforums (hosted at raidforums.com and run by Omnipotent) was the predecessor hacking forum to both versions of BreachForums and ran from early 2015 until February 2022.”

This IC3 subdomain hosts a form that victims and other individuals can use to share information about BreachForums and its members.

BleepingComputer contacted the FBI and Department of Justice with further questions, but no response was immediately available.

The notorious BreachForums

BreachForums was the successor of a string of hacking forums used to trade, sell, and leak stolen data, as well as sell access to corporate networks and other illegal cybercrime services.

The first of these sites was known as RaidForums, which initially launched in 2015 and became the largest site for distributing stolen data, and was commonly used by ransomware and extortion groups.

The site was eventually seized by law enforcement, with the police arresting the owner known as “Omnipotent”.

Soon after, one of its more active members, Pompompurin, created a new forum called ‘Breached’ to fill the void left behind by RaidForums.

The site quickly grew in popularity and was used by thousands of members to brag about their cybercrime activities and to leak and sell stolen data.

However, the site soon drew the ire of law enforcement after one of its members, IntelBroker, leaked the stolen data of D.C. Health Link, a healthcare provider for U.S. House members, their staff, and their families.

Soon after, Breached was seized by law enforcement, and its admin, Conor Fitzpatrick (aka Pompompurin), was arrested.

Once again, those in this cybercrime community were left without a home, so one of Breached’s previous admins, known as Baphomet, teamed with ShinyHunters, a notorious seller of stolen data, to launch a new site named BreachForums.

Like the other sites, BreachForums quickly became popular with stolen corporate data being leaked from new breaches, including those on AT&T, 23andMe, Hewlett Packard Enterprise, Home Depot, Dell, PandaBuy, and The Post Millennial.

Today’s seizure message indicates that law enforcement has had access to the site’s servers, possibly for a long time, as they monitored threat actors’ activities.

However, the breach that went too far may have been the recent leak of data stolen from Europol’s Platform for Experts (EPE) portal by a threat actor known as IntelBroker, forcing law enforcement to take action.
