
BreachForums is back online even after FBI takedown


BreachForums, a cybercrime forum, hub for data leaks, and threat actor network, is back online after the website’s recent takedown by US law enforcement. The forum was shut down on May 15 in a joint operation led by the FBI and DoJ.

An admin with the moniker ShinyHunters announced its return. This account also operated the website before it was shut down, and it’s unclear at the moment if it’s the same hacker. ShinyHunters also claimed a Ticketmaster hack and offered the stolen data, which includes the full details of the 560 million affected customers, for $500,000. Researchers speculate that this announcement has given the new website the numbers and reputation it needs.

According to Hackread, ShinyHunters regained control of the domains, despite attempts from the FBI to keep them locked down, by contacting Hong Kong-based domain registrar NiceNIC. This includes the site’s current domain (breachforums.st) as well as other domains such as escrow.breachforums.st, breached.in, and two other parked domains.

The hacker reportedly did this by sharing an email claiming it was an official conversation between a computer scientist from the FBI’s cyber division and NiceNIC. A few hours after the FBI shut down BreachForums’ domains, ShinyHunters had regained control, while the FBI’s NiceNIC account, registered as “bf_fbi”, was suspended. That said, the new website could also be a honeypot run by the Feds to lure cybercriminals.

BreachForums was initially run by a threat actor under the moniker Pompompurin from March 2022 to March 2023. However, the FBI arrested Pompompurin, legally known as Conor Brian Fitzpatrick, on March 15, 2023. Fitzpatrick was charged with one count of conspiracy to commit access device fraud, and his bail was set at $300,000, which his parents paid.

Following his arrest, another BreachForums admin named Baphomet announced that the site would be shut down. While Baphomet did not disclose any reasons for the shutdown, it was likely due to suspicions that law enforcement agencies might have accessed the site’s configuration files, source code and other information about the forum’s users.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
