BreachForums resurrected after FBI seizure

The cybercrime forum BreachForums has been resurrected two weeks after a law enforcement operation that seized its infrastructure.

The cybercrime forum BreachForums is online again after a recent US law enforcement operation seized its infrastructure and took down the platform.

The platform is now reachable at breachforums[.]st, which was one of the domains used in the past by the cybercrime forum.

The admin, who is using the moniker ShinyHunters, announced the return.

It is unclear if the current administrator is the notorious ShinyHunters hacker who operated from the platform before the law enforcement operation.

ShinyHunters claimed responsibility for the hack of Ticketmaster and offered 1.3 TB of data for sale, including full details of 560 million customers, for $500,000. The stolen data includes names, emails, addresses, phone numbers, ticket sales, and order details.

CyberKnown researchers speculate that the Ticketmaster data breach claim has given BreachForums the quick attention it needs to boost its user numbers and reputation.

Hackread.com reported that ShinyHunters regained control of domains despite the FBI’s efforts, exposing notable operational setbacks and security lapses. However, we cannot exclude that the site is a honeypot set up by the feds.

From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc) was run by the notorious actor ShinyHunters.

From March 2022 until March 2023, a separate version of BreachForums (hosted at breached.vc/.to/.co) was run by the threat actor Pompompurin. In July 2023, the owner of BreachForums, Conor Brian Fitzpatrick, aka Pompompurin, pleaded guilty to hacking charges.

In March 2023, U.S. law enforcement arrested Pompompurin. Agents spent hours inside and outside the suspect’s home and were seen removing several bags of evidence from the house.

The man has been charged with soliciting individuals with the purpose of selling unauthorized access devices. Fitzpatrick was released on a $300,000 bond signed by his parents.

The BreachForums hacking forum was launched in 2022 after law enforcement authorities seized RaidForums as a result of Operation TOURNIQUET. Pompompurin always declared that he was ‘not affiliated with RaidForums in any capacity.’

RaidForums (hosted at raidforums.com and run by Omnipotent) was the predecessor hacking forum to both versions of BreachForums and ran from early 2015 until February 2022.

Pierluigi Paganini

(SecurityAffairs – hacking, malware)