Dark Web News

BreachForums is Back: What Do We Know?

BreachForums is Back: What Do We Know?

The popular dark web forum, BreachForums, went offline in March 2023. Three months later, in June 2023, a hacker group known as ShinyHunters brought BreachForums back to life. But is it really the same forum? And will it be as successful?

BreachForums – the timeline

BreachForums, which is widely known as one of the top hacking and data breach platforms, emerged as the successor to RaidForums, a renowned hacking forum, which was seized in February 2022. Three weeks later, Pompompurin, a notable threat actor from RaidForums, introduced BreachForums as an alternative on the dark web

Since then until its closure in March this year, BreachForums gained over 255K registered members, serving as a leading dark web platform where users exchanged vulnerabilities, exploits, hacking, and phishing tools, leaked and stolen PII such as databases, documents, and compromised accounts, like email addresses, domains, and credit cards.

BreachForums timeline

After its closure, BreachForums users were left with no choice but to shift to existing popular dark web forums such as Exploit and XSS. At the same time, new forums, such as LeakBase and Exposed, attempted to replace BreachForums, by offering discussions on hacking and a marketplace section for trading compromised data and exploits. 

Is BreachForums really back?

As we mentioned before, a new site emerged under the name BreachForums in June 2023, by the ShinyHunters hacker group. This group is a known cybercriminal gang who have hacked into Microsoft, NitroPDF, Pixlr, Mathway, Mashable, Bonobos, etc., stealing the data of millions of users in 2020 and 2021. 

Despite the fact that BreachForums is still under an FBI investigation, the group decided to publicly announce that they have relaunched the site.

The new Breachforums admin announces that the forum is back
The new Breachforums admin announces that the forum is back

Those who are familiar with the original BreachForums will immediately notice that it looks a lot like its predecessor, with an almost identical design and structure, but under different domains, including domains on the open web and on Tor.

A screenshot of the main page of the new dark web forum Breachforums
A screenshot of the main page of the new Breachforums

The new BreachForums launched with many of the old stolen databases that the original BreachForums hosted. Some users have also reposted previously shared high-profile breaches, such as the December 2022 leak from the FBI’s InfraGard program, or the more recent DC Health Link breach in early March. While some users were still testing if the new forum was reliable, others have already posted new data containing leaked and stolen databases, documents, and compromised accounts. 

While many other alternative forums have emerged, as we covered before, the new BreachForums already contains a larger volume of data than any of its competitors. The new forum has already gathered over 14K registered users, including active threat actors previously operating on the original BreachForums.

New BreachForums – new challenges

The new BreachForums may have only been around for a short time, but it has already faced some challenges. The major one saw the personal data of over 4,200 of its members compromised, including nicknames, linked email addresses, IP addresses, social media identifiers, encrypted passwords, and other data. 

OnniForums, a hacking and leaks-related forum confirmed their breach by publishing a post on Twitter where they confirm that they had hacked into BreachForums. ShinyHunters informed their members about the breach on the site and advised the forum members to change their passwords, revealing that the intrusion was due to a zero-day flaw in MyBB: 

ShinyHunter’s post informing the members about the recent breach, the image was taken from Webz.io's Cyber API
ShinyHunter’s post informing the members about the recent breach, the image was taken from Webz.io’s Cyber API

The short time it took to establish the new BreachForums shows how elusive the online cybercriminal world is and how hard it is for law enforcement to stop these illicit activities, even after arresting the admins and shutting down forums. This is another example of why monitoring the dark web in general, and more specifically platforms on the deep and dark web plays a key role in keeping organizations ahead of evolving threats.

With the constant exchange of illicit content on dark web forums, it has become crucial for enterprises and organizations to diligently monitor activities not only from this specific forum but also from the vast expanse of deep and dark web marketplaces, forums, and chat applications. In doing so, they can proactively identify and counter cyber threats to their business, data, and employees.

Sofia Prisiallni
Sofia Prisiallni

Cyber Analyst

Spread the News

Not subscribed to our Dark Web Pulse updates?

By submitting you agree to Webz.io's Privacy Policy and further marketing communications.

Feed Your Machines the Data They Need

Feed Your Machines the Data They Need

GET STARTED

Don't be the last one to know!

Chances are your compromised data is already traded on the dark web.
Ready to discover them and protect your business?

Subscribe to our newsletter for more news and updates!

Ready to Explore Web Data at Scale?

Speak with a data expert to learn more about Webz.io’s solutions
Create your API account and get instant access to millions of web sources