The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users.
Multiple forums have operated under the name BreachForums, all devoted to building a community of collectors and threat actors who trade, sale, and leak data stolen from breached companies.
The first data breach forum to rise to prominence was RaidForums, and after the FBI seized it in 2022, a threat actor known as Pompompurin launched a remake called BreachForums (aka Breached) to fill the void.
This forum quickly rose to prominence, with threat actors proudly leaking massive amounts of stolen data, including data from U.S. Congress’ healthcare provider D.C. Health Link, RobinHood, and Twitter data leaked using an exposed API.
However, soon after the D.C. Health Link data was leaked, the FBI arrested the forum’s owner Conor Fitzpatrick, aka Pompompurin, in March 2023.
Soon after, multiple instances of the forum were created and seized by law enforcement. The latest incarnation was launched by ShinyHunters (now passed to new admins) and is still in operation today.
Due to multiple sites using the same name, the recently leaked data is from what we will call BreachForums 1.0, the site created initially by Fitzpatrick in 2022 and eventually seized by the FBI in 2024.
BreachForums 1.0 data leaked
Last week, a well-known threat actor named Emo leaked the personal information of 212,414 members of BreachForums 1.0.
According to Emo, the data comes directly from Fitzpatrick, who allegedly attempted to sell it in June 2023 for $4,000 while out on bail. Emo says the data was eventually purchased by three threat actors.
Fitzpatrick was arrested again in January 2024 for violating the terms of his pretrial release conditions, including using an unmonitored computer and a VPN. It is not known if this was related to his attempted sale of the BreachForums data.
Source: BleepingComputer
In July 2023, someone named ‘breached_db_person’ attempted to sell the forum database for $100,000 – $150,000 on the hacking forum.
The seller also shared the for-sale data with Troy Hunt, who told BleepingComputer it included the same data leaked by Emo and other database records. Hunt subsequently added the information to the Have I Been Pwned data breach notification service.
Emo told BleepingComputer that this data is from a November 2022 BreachForums database backup, the last one uploaded to Fitzpatrick’s MEGA account.
The leaked data contains a forum member’s user ID, login name, email address, registration IP address, and the last used IP address when visiting the site.
BleepingComputer has analyzed the database and verified that it contains the accurate information of many researchers who had accounts on the original BreachForums.
This data appears to be a manual export, as it is not in the MyBB forum database format but rather exported as tab-separated values.
While it’s likely that the database is already in the hands of law enforcement after the forum was seized, this data could still be helpful for security researchers who commonly build profiles of threat actors.
Using the leaked email addresses and IP addresses, researchers and law enforcement can link BreachForums members to other sites, their geographic location, and potentially to their real names.
The RaidForums database, which contained the data of 478,000 members, was similarly leaked online in May 2023.
