Data theft forum BreachForums seized by police after Europol break-in

The FBI and other investigative authorities from the USA and other countries have taken control of the "BreachForums" domain. This is a data theft forum where stolen data from cyber attacks on companies and organizations was repeatedly offered and sold. This also included documents from the recent breach of a Europol forum. But now the various BreachForums addresses are either no longer accessible or indicate that they have been seized by police authorities.

The message reveals that the authorities are currently investigating the data found on the servers. If visitors have further information about BreachForums' cybercriminal activities, they are asked to help. The BreachForums backend is likely to give police authorities access to contact and IP addresses as well as private messages of participants, which can be used for investigations and prosecutions.

BreachForums is one of the data hacking forums that emerged after the closure of RaidForums. RaidForums was founded back in 2015, was one of the largest forums for the distribution of stolen data and was used by many ransomware and extortion groups. However, in April 2022, Europol was able to report the closure of the RaidForums criminal marketplace. The owner of RaidForums with the synonym 'Omnipotent' was arrested and charged.

After RaidForums, Breached & BreachForums are also shut down

Shortly afterward, however, 'Pompompurin', one of the most active members of RaidForums, founded a successor to this data theft forum, Breached. Breached, too, was subsequently used by thousands of members to brag about their cybercrime activities and to offer and sell stolen data. Almost a year later, this data theft forum was also shut down due to police investigations after Pompompurin was apparently arrested, and the authorities were able to obtain his access data.

After the second administrator of Breached – 'Baphomet' – closed this forum to protect its members, he teamed up with a notorious data hunter named 'ShinyHunters' and founded another successor, BreachForums. There, data thieves published millions of vaccination data from Turkey, for example, but also millions of data from a vaccination portal in India.

FBI grabs BreachForums admin and Telegram access

BreachForums has been the focus of the FBI from the very beginning, which was also able to gain access to the database of one of the largest data theft forums. Now BreachForums has been shut down for good and Baphomet is apparently also in the custody of the authorities, as Bleeping Computer reports that BreachForums' Telegram channel and other Baphomet channels have also been seized. For example, the FBI posted messages under Baphomet's Telegram account.

One of the most well-known data leakers on these forums called 'IntelBroker' confirmed to Bleeping Computer on Telegram that Baphomet had been arrested. IntelBroker is also credited with breaking into the Europol forum and the recent cyber-attack on the British Army's accounting system. When asked by Bleeping Computer, both the FBI and the US Department of Justice declined to comment on the case.

(fds)