A database containing usernames, hashed passwords, login keys and email addresses among other information of nearly 478,000 RaidForums members has been leaked on a new hacking forum called Exposed, which launched earlier in May 2023. The leaked database contains member information for users who signed up on RaidForums between March 20, 2015, and September 24, 2020, when the dump was likely created.
The leaked database was uploaded by ‘Impotent’ one of Exposed’s admins. It’s unknown exactly when and why was the dump created. The uploader also mentioned that some of the RaidForum members may have been removed from the data dump as well. It’s a single SQL file and was used by the forum’s backend to store all user data.
BleepingComputer confirms that numerous accounts in the leaked database contain known registration information. Members of the Exposed forum itself have confirmed that their information is in the database, confirming the data’s validity.
RaidForums shut down in April 2022 when law enforcement seized the site’s infrastructure and arrested its admin ‘Omnipotent’ with two other accomplices. Next in line was Breached, another similar forum where threat actors would often try to sell leaked databases containing information on unsuspecting victims of data breaches around the world.
Breached also met the same fate as RaidForums in March 2023 with its founder and owner Pompompurin arrested by the FBI. The site’s other admin was concerned about law enforcement having access to the forum’s servers and eventually ended up shutting down the forum. Exposed is the latest forum in this line, hoping to fill the gap left behind by Breached and has gained traction since its May 2023 launch.
While there’s a good chance that law enforcement already has their hands on this database, the leak will likely help security researchers, who often build profiles on threat actors to help track their actions across the internet.