In what has been called as BreachForums Final update, the current administrator, who uses the alias ‘Baphomet’, has confirmed he is taking it down. The move comes a day after Baphomet assured that the migration process is on, despite the issues.
However, Baphomet assured that another Telegram group for the forum members will be up soon.
BreachedForums down, confirms admin
In what was termed “the final update”, Baphomet announced the intention to take down the forum, as “nothing is safe anymore”.
“I know that everyone wants the forum up, but there is no value in short term gain for what wil likely be a long term loss by propping up Breached as tis. (sic)”
The FBI on March 15 arrested Conor Brian FitzPatrick, who have been running BreachForums under the name ‘pompompurin.’ Shortly, a user under the alias Baphomet assumed command and assured that the migration process is ongoing despite some issues.
“The fallout from this arrest could be law enforcement gaining access to information on illicit dealings on the forum,” said a Cyble analysis of the situation.
“Pompompurin is also known as the forum’s primary middleman, acting as a trustworthy third party between sellers of stolen databases and unauthorized accesses and their buyers without receiving any fees.”
This seemingly charitable act gave Pompompurin users’ to databases, users’ wallet information, handles on Telegram, and various information which can be used to indict further or incriminate individuals involved in the forums.
This possibility was discussed by forum members, with Baphomet stating that he is likely law enforcement’s next target, found Cyble researchers.
Image courtesy: Cyble
There is currently no access to BreachForums, the website where stolen data, such as login credentials, credit card numbers, and personal information, were purchased, sold, or traded.
“I imagine this means all users will need to register again and that all threads, awards, posts, etc, are now gone,” wrote Alon Gal, Co-Founder and CTO of Israel-based cybersecurity company Hudson Rock.
“It seems Baphomet, the new administrator, is much more attentive to OPSEC than their predecessor.”
BreachedForums down, not out
BreachForums has long been targeted by law enforcement, with multiple takedowns throughout its history. The present version of BreachForums emerged in March of 2022 as an alternative to RaidForums.
“It was seized in a collaborative effort by international law enforcement agencies following the arrest of its administrator, Diogo Santos Coelho, AKA Omnipotent,” said the Cyble report.
“To smooth the transition from RaidForums to BreachForums, Pompompurin used a similar theme to RaidForums, and allowed previous members of RaidForums to retain their paid ranks.”
In September 2021, an earlier version of BreachedForums was hacked, resulting in the theft of an entire database of user accounts and posts. This hack was subsequently leaked online, exposing sensitive information such as usernames, email addresses, IP addresses, and passwords.
The current BreachForums domain, breached.vc, was registered by 1337 Services LLC in November 2022. This same company also owns other domains such as piratbaypirate.link, dustydunes.app, and yougotcustomers.in.
Before BreachedForums final update, it took many down
BreachForums has been in the cybersecurity news for large-scale high-profile breaches. At the time of taking it down, the forum had 336,800 members and has been host to many notable leaks and data breaches since its inception.
Previously, its users have targeted organizations and individuals around the world, including Yahoo, LinkedIn, and Dropbox.
In January, LeakBase (a BreachForums member) exposed sensitive data from German-managed IT service provider BITMARCK. This was followed by the massive theft of 16 million Indians’ personally identifiable information (PII) from the Swachh City platform in September 2022.
The same BreachForums member also leaked data from popular Chinese mobile phone brands OnePlus-Oppo and Realme.
More recently, the same user claimed to have accessed the control panel of Motorola’s JIRA CRM backup, and that 11GB of data was now available on the site.