Pierluigi Paganini May 15, 2024

An international law enforcement operation coordinated by the FBI led to the seizure of the notorious BreachForums hacking forum.

BreachForums is a cybercrime forum used by threat actors to purchase, sell, and exchange stolen data, including credentials, and personal and financial information. The authorities also seized the Telegram page for the hacking forum

The website currently displays a message that informs visitors it was seized by law enforcement. The site also shows the logos of the law enforcement agencies that ware involved in the operation, including the UK NCA, the Australian Federal Police, the New Zealand Police, and the Swiss police.

“This website has been taken down by the FBI and DOJ with assistance from international partners,” reads the message published on the seized site. “We are reviewing the site’s backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us.”

According to the statement published by law enforcement on the site breachforums.ic3.gov, the FBI states that it is investigating the criminal hacking forums known as BreachForums and Raidforums.

From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc) was run by the notorious actor ShinyHunters.

From March 2022 until March 2023, a separate version of BreachForums (hosted at breached.vc/.to/.co) was run by the threat actor Pompompurin. In July 2023, the owner of the BreachForums Conor Brian Fitzpatrick, aka Pompompurin, pleaded guilty to hacking charges.

In March 2023, U.S. law enforcement arrested Pompompurin, the agents spent hours inside and outside the suspect’s home and were seen removing several bags of evidence from the house.

The man has been charged with soliciting individuals with the purpose of selling unauthorized access devices. Fitzpatrick was released on a $300,000 bond signed by his parents.

The BreachForums hacking forum was launched in 2022 after the law enforcement authorities seized RaidForums as a result of Operation TOURNIQUET. pompompurin always declared that he was ‘not affiliated with RaidForums in any capacity,’

Raidforums (hosted at raidforums.com and run by Omnipotent) was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022.

People who have information to assist in any of the investigations against BreachForums v2, BreachForums v1, or Raidforums can fill out the questionnaire on the website.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, BreachForums)