The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking corporate data stolen in attacks from ransomware and extortion gangs.
Law enforcement authorities in the U.S. and France worked together to take control of BreachForums web infrastructure before the Scattered Lapsus$ Hunters hacker got to fulfill their threat of leaking data from Salesforce breaches at companies that did not pay a ransom.
Backups since 2023 under FBI control
The cybercriminals confirmed the takeover of BreachForums via message on Telegram signed with ShinyHunters PGP key. They said the seizure was inevitable and added that "the era of forums is over."
BleepingCompuer can confirm that BreachForums is now controlled by law enforcement authorities as the latest domain update occurred on October 9 and the nameservers have been changed to those the FBI uses for seizures.
From the analysis conducted after law enforcement's action, ShinyHunters concluded that all BreachForums database backups since 2023 have been compromised along with all escrow databases since the latest reboot.
The gang also said that the backend servers have been seized. However, the gang's data leak site on the dark web is still online.
The ShinyHunters team said that no one in the core admin team has been arrested but they will not launch another BreachForums, noting that such sites should be seen as honeypots from now on.
According to the threat actor's message, after RaidForum's takedown, the same core team planned multiple forum reboots, using admins like pompompurin as fronts.
Message from the ShinyHunters gang after the FBI seized BreachForums
... continue reading