FBI seize BreachForums hacking forum used to leak stolen data


The FBI has seized the notorious BreachForums hacking forum used to leak and sell stolen corporate data to other cybercriminals.

The seizure occurred on Wednesday morning, soon after the site was used last week to leak data stolen from a Europol law enforcement portal.

The website is now displaying a message stating that the website and its backend data are now under the control of the FBI, indicating that both the site’s servers and domains were seized in the law enforcement action.

“This website has been taken down by the FBI and DOJ with assistance from international partners,” reads the seizure message.

“We are reviewing this site’s backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us,” continues the seizure banner.

The seizure message also shows the two avatars of the site’s administrators, Baphomet and ShinyHunters, with the addition of prison bars.

If law enforcement has gained access to the hacking forum’s backend data as they claim, it could be used to aid law enforcement investigations as email addresses, IP addresses, and private messages between members would potentially be exposed.

The FBI has also seized the site’s Telegram channel, with law enforcement sending messages stating it is under their control.

Seized BreachForums Telegram channel
Seized BreachForums Telegram channel
Source: BleepingComputer

The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation.

The seizure messages include ways to contact the FBI about the seizure, including an email, a Telegram account, a TOX account, and a dedicated page hosted on the FBI’s Internet Crime Complaint Center (IC3).

“The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums,” reads a dedicated subdomain on the FBI’s IC3 portal.

“From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services.”

“Previously, a separate version of BreachForums (hosted at breached.vc/.to/.co and run by pompompurin) operated a similar hacking forum from March 2022 until March 2023. Raidforums (hosted at raidforums.com and run by Omnipotent) was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022.”

This IC3 subdomain hosts a form that can be used by victims and individuals who wish to share information about BreachForums and its members with law enforcement.

BleepingComputer contacted the FBI and Department of Justice with further questions, but no response was immediately available.

This is a developing story.



Source link