In this blog, we explore the rise and fall of one of the most prominent hacking forums that was said to compete with RaidForums — BreachForums.
It’d be hard to come across a person in the cybersecurity world who’d have no idea what two of the most prominent hacking forums of these days — RaidForums and BreachForums — are. This blog has already walked you through what RaidForums was and why it got taken down. BreachForums is RaidForums reborn — the website was said to have been created shortly after RaidForums got taken down by international law enforcement partners including the FBI, EUROPOL, NCA, Swedish Police, and other law enforcement agencies.
BreachForums was said to have been created somewhere around March 2022 and, just like its predecessor RaidForums created by Diogo Santos Coelho somewhere around 2015, facilitated discussions around various subjects including hacking tools, anime, porn, and, just like RaidForums, also distributed data breaches.
BreachForums was widely thought to be an alternative to the now-defunct RaidForums, mostly offering the same functionality, and was available both on the clear web and on the dark net. BreachForums lasted around a year — after that, the hacker forum got seized, but it wasn’t the end of it.
The first version of BreachForums — the so-called BreachForums 1.0 — was allegedly created by a 20-year-old hacker going by the screen name of “Pompompurin” and it didn’t take long for the website to display a “This site has been seized” banner. Some speculate that the initial seizure of BreachForums could have had something to do with their Data Leaks section where, the U.S. Department of Justice alleges, sensitive information related to hundreds of millions of citizens living both across the U.S. and abroad was being shared.
We can only assume that the sharing of extremely sensitive information — such as the data for around 200 million users of a popular social networking site in the U.S. and the data related to InfraGard (a company facilitating the partnership between the FBI and the private sector) with around 87,000 entries — was what drew the attention of law enforcement to BreachForums.
It is alleged that the activity within BreachForums, just as in RaidForums, was related to unauthorized selling/purchasing of data stolen from websites (the sales of data leaked in data breaches), unauthorized access to computer systems, and other criminal activity.
The administrators of BreachForums likely thought that they could evade detection/consequences for their actions by running the site under multiple TLDs, but that didn’t help as many of these websites were quickly seized by the authorities too.
The users of BreachForums were also active on Telegram — BreachForums has allegedly had a rather popular Telegram community who discussed hacks, leaks, and other activity related to the forum.
The fall of BreachForums was inevitable. Since the website popped up as a replacement for its predecessor RaidForums and shared the same design, the same content management system and similar forums, law enforcement was bound to be at the door sooner or later.
In news that surprised absolutely no one, BreachForums was seized. In fact, the forum was seized twice — after the FBI and other law enforcement partners apprehended Conor Brian Fitzpatrick, a new version of the site wasn’t that far away. A new version of BreachForums — BreachForums 2.0 — launched just weeks after the initial version of BreachForums got taken down.
This only proves the persistence of cybercriminals because shortly after the new version of BreachForums emerged, members started registering on that forum as well. Together with the second version of BreachForums, numerous other hacking forums of the same nature also appeared, and those forums promised their users stability and better operational security (alluding to the fact that the forum, just as those before it, can get taken down too).
Shortly after, various well-known figures in the hacking world emerged. One of those figures was a person or a group of people going by the alias of “ShinyHunters” — ShinyHunters was allegedly at the helm of another similar hacking forum, but then assumed control of BreachForums. Since the users within BreachForums were pretty careless with the data they shared (some say that the leak that got law enforcement on the trail of BreachForums was related to a data leak from a Europol portal), BreachForums 2.0 got on the radar of law enforcement once again. It should be stated that forums like BreachForums run multiple Telegram channels to facilitate communication between their members too, but it didn’t take long before their official Telegram channel displayed a message that it was under the control of the FBI as well.
It is said that forums similar to BreachForums exist to this day — it’s unclear whether they’re a honeypot for law enforcement agencies to attract hackers, but their re-emergence clearly demonstrates the resilience of cyber criminals and the fragility of such takedowns.
It should be said that social media platforms such as X (Twitter) play a role in helping cybercriminals develop, too. Don’t get us wrong — the owners of these platforms have nothing to do with hacking forums — but these kinds of social media profiles related to hacking forums usually share a lot of information related to their development.
The story and the legacy of BreachForums once again demonstrate the resilience of cyber crooks and the ongoing battle between cybersecurity professionals and law enforcement; the emergence of platforms related or similar to BreachForums only corroborates this claim. Even after hacking forums get taken down, it usually doesn’t take long for their copies to appear on the clear web or on the dark web, but make no mistake — law enforcement officers are watching and they’re prepared to take all of the necessary action to take cyber criminals down.
The rise and fall of platforms like RaidForums and BreachForums is a clear testament to the fragility of the web these days — hackers and script kiddies swarm to such platforms like bees reach for honey, and even with those platforms being taken down, the fight between criminals and law enforcement isn’t over.
As criminals gain momentum, law enforcement agencies don’t sleep and are ready to collaborate on any activity related to these forums.
All that supports the fact that cybersecurity professionals like us have to keep updated with the latest trends in cybersecurity and beyond to not fall victim to cyber crooks and their nefarious activities.
One of the services allowing you to avoid falling victim to cyber theft is BreachDirectory — a data breach search engine built with the well-being of its users in mind. BreachDirectory will inform you whether your account is at risk of identity theft by allowing you to search through troves of leaked data breaches and the BreachDirectory API will facilitate access to data breaches from afar so you could better protect your company, employees, and customers.
We hope that this blog has been useful for you, don’t forget to follow us on X (Twitter), LinkedIn, and Facebook for more updates, and until next time.
BreachForums was a well-known forum facilitating discussions between cyber criminals. Some may say that legitimate cyber security professionals were also present on BreachForums and that cannot be denied — however, with BreachForums acting in such a similar nature to its previously taken down brother RaidForums and being a hub for hundreds of thousands of hackers, it wasn’t long before BreachForums met a similar fate.
BreachForums did get taken down just as its predecessor — RaidForums — did too. It’s unclear whether the users of BreachForums that may have accessed other forums are at risk of being investigated by law enforcement, but some say that the FBI even facilitated control of the Telegram chat related to the forum to catch cybercriminals.
One of the initial founders of BreachForums — pompompurin or Conor Brian Fitzpatrick — was apprehended, while the identities of other operators are unclear.
To protect yourself from the very thing BreachForums was known for — data breaches — make sure to use data breach search engines such as BreachDirectory to find out whether your email, username, IP address or domain is in the hands of hackers and take preventative measures. Make use of the BreachDirectory API to draw data from the data breach search engine for your use case as well.