In an ironic development, BreachForums—one of the world's largest marketplaces for stolen data—has been breached yet again, this time exposing the real identities of hundreds of thousands of cybercriminals who believed they were operating anonymously.
On Jan. 9, an individual using the moniker "James" published a database containing detailed information on 323,986 BreachForums users on a website seemingly named after the ShinyHunters extortion group. The database included usernames, email addresses, IP addresses, registration dates, and other metadata that could help law enforcement agencies worldwide potentially identify and prosecute members of the notorious hacking community.
Authentic and Comprehensive
Cybersecurity firm Resecurity, which analyzed the leaked database and published a comprehensive report, confirmed the data's authenticity. In comments to Dark Reading, a member of Resecurity's HUNTER threat intelligence team said the leaked information included emails in clear text and other information that law enforcement could find very useful. "The records are authentic and some of this information has been already used by our HUNTER unit for enrichment and cross correlation," the team member says.
The researcher adds that Resecurity has an idea who James is, but the company does not want to "interpret it any fashion or form."
Related:GoBruteforcer Botnet Targets 50K-plus Linux Servers
James appears to have decided to publish the BreachForums database because of a growing sense of disillusionment with some of its key members. In a lengthy, and often theatrical, 23-part manifesto, the individual identified themselves as an ageless and legendary hacker who has apparently been operating for decades and has acted as a mentor to multiple cybercrime groups, including ShinyHunters and Anonymous. "Those children have been mine. They grew as I did. They grew because I did," James wrote, before also adding it was time to "devour my children" and deliver their identities to authorities.
A Rambling Manifesto
The manifesto specifically names several individuals allegedly involved in running BreachForums and ShinyHunters, including French nationals Dorian Dali, Nahyl Ojeda, Ali Aboussi, and others, many of whom appeared to be teenagers or young adults. According to James, the final straw came when these groups attacked French targets. "When you decided to turn against the French Nation, the daughter of the Church, I understood that time had come," he wrote, framing the leak as designed to protect the interests of France ahead of political change. "It was time to offer you to the Lords of Destruction," James wrote adding somewhat dramatically, "I am here to settle your destiny."
Related:Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats
... continue reading