Underground forum: Five BreachForums admins arrested in France

French investigators have succeeded in striking another blow against underground data thieves. They arrested a total of five administrators of the dark net forum “BreachForums”, four of them earlier this week. The five suspects are now in custody, and the forum has been offline since April. It is unclear whether it will reopen under new management.

The suspects arrested this week are French citizens and go by the pseudonyms “Hollow”, “Noct”, “Depressed” and “ShinyHunters”. The fifth suspect, nicknamed “IntelBroker”, has been in custody since February. The French investigators struck in the departments of Hauts-de-Seine in the greater Paris area, Seine-Maritime in the north-west of the country and Réunion, an island in the Indian Ocean. The arrest was first reported by “Le Parisien”.

Five suspected operators and fences

The five suspects were allegedly the operators of the dark net forum and also frequently published explosive data treasures themselves. ShinyHunters and IntelBroker in particular had made a name for themselves in recent years with numerous data leaks. IntelBroker, for example, offered development data from Cisco and AMD and stole data from HPE. ShinyHunters, on the other hand, was responsible for an attack on the event company LiveNation, following which another forum member distributed 170,000 tickets for concerts by the singer Taylor Swift.

BreachForums was hacked by authorities in April using a PHP vulnerability and has been offline ever since, officially out of an abundance of caution. It was probably the largest forum for trading stolen data – where criminals offered password lists and confidential trade secrets. Most of these came from cyberattacks or were collected using infostealers. The forum had been under observation by the authorities for years and was hijacked by them in 2023 and 2024.

(cku)