#BreachForums update

Latest issue of my curated #cybersecurity and #infosec list of resources for week #04/2025 is out!

It includes the following and much more:

➝ Hewlett Packard Enterprise is Investigating a #Breach

➝ Largest #DDoS Attack Ever Blocked

➝ #Cloudflare's CDN Can Reveal users' Location

➝ #BreachForums Founder to be Resentenced

➝ #Oracle Addresses 318 Flaws;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-042025?r=299go8

Listen, nobody knows if #BreachForums is gone or not. It's a real possibility that it won't ever come back.

Let's take Darknet Markets as a good example. They come and they go. They just don't last forever. But as markets go down, other markets get created and the ones in line to dethrone the best are always ready to take on refugees from other markets.

The same will eventually happen with the BF situation. The question is.. which new forum(s) will take it's place, and what other forums will rise to #1

https://x.com/DarkWebInformer/status/1800664857601024073

I haven't posted this on my site yet, but there have been a few developments likely related to the seizure of #BreachForums. As a preview, recall that Kantonspolizei Zürich were one of the cooperating entities in the takedown and that the seizure notice had two avatars behind bars: one was Baphomet, the other was a default avatar that has been used by a number of people, but is not the avatar of the forum owner ShinyHunters.

Law enforcement has yet to issue any press release or answer any questions about the takedown.

Developments:

#ShinyHunters was notified by #CloudFlare that they had received a court order ordering CF to cancel BF's account. CF complied with the court order. (Source: ShinyHunters shared text copy of CF communication with DataBreaches)

CF did not tell ShinyHunters what court had ordered that, so Shiny asked them to provide a copy of the order if there was no gag order with it, or to at least say what court ordered it so it could be appealed. They have not gotten a response from CF as yet to that request.

On May 15, the same day as the takedown, Switzerland Services sent customers a notice stating, in part, that "all our network equipment and servers in Switzerland were confiscated yesterday by Swiss police due to a local prosecutor order and therefore all services in Switzerland are currently unavailable and all data can de considered as lost and compromised."

ShinyHunters had previously told DataBreaches that BF has used servers and services in Switzerland.

ShinyHunters has also claimed to be in Switzerland. DataBreaches does not know if that is true or not.

I'll have this up on databreaches.net soon with the full message from Switzerland Services.

#seizure #FBI #NCA #enforcement #hacking #databreach

@brett @DarkWebInformer @arstechnica @campuscodi @zackwhittaker

#BreachForums has been seized by the #FBI and #DOJ with help from international partners.

The timing of the seizure is interesting. It could be that they decided to move now because of #IntelBroker's sale of data from #Europol, or it could be because a serious Russian TA listed three 0-days for sale.

Or it could be both. Or neither.

The seizure notice shows avatars for the administrator, Baphomet, and owner, ShinyHunters behind bars.

ShinyHunters' telegram account has not been seized and that account has been messaging me since the seizure-- so it's either Shiny or someone from LE who can write like Shiny.

The forum's TG channel has a seizure notice and so does Baphoment's official TG channel.

UPDATE 1: ShinyHunters tells me that Baphomet HAS been arrested.
.

@campuscodi @brett @BleepingComputer

A group of #hackers has announced the release of sensitive documents purportedly belonging to the #Five #Eyes Intelligence Group (FVEY), a prominent intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.

The United States Department of State has launched an investigation into a possible cyber attack after confidential documents, which were reportedly obtained by a malicious actor, were leaked from a government contractor.

The announcement was made on a forum known as #BreachForums, where a user with the handle “#IntelBroker” posted a message to the community.

The post, dated April 2, 2024, claims that the data was obtained by infiltrating #Acuity Inc, a company alleged to work closely with the US government and its allies.

https://gbhackers.com/hackers-claiming-breach/

#23andMe #User #Data Stolen in Targeted Attack on #Ashkenazi #Jews At least a million data points from 23andMe accounts appear to have been exposed on #BreachForums . While the scale of the campaign is unknown, 23andMe says it's working to verify the #data.#cybercrime #cybersecurity #privacy #erecords #healthcare https://www.wired.com/story/23andme-credential-stuffing-data-stolen/

Referenced link: https://thehackernews.com/2023/03/20-year-old-breachforums-founder-faces.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/03/20-year-old-breachforums-founder-faces.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1640619984446689281#m

Conor Brian Fitzpatrick, the 20-year-old founder and admin of the now-defunct #BreachForums, has been charged in the U.S. with conspiracy to commit access device fraud. If found guilty, he faces up to five years in prison.

Read: https://thehackernews.com/2023/03/20-year-old-breachforums-founder-faces.html

Referenced link: https://thehackernews.com/2023/03/20-year-old-breachforums-founder-faces.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/03/20-year-old-breachforums-founder-faces.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1640373374349082625#m

Conor Brian Fitzpatrick, the 20-year-old founder and admin of the now-defunct #BreachForums, has been charged in the U.S. with conspiracy to commit access device fraud. If found guilty, he faces up to five years in prison.

Read: https://thehackernews.com/2023/03/20-year-old-breachforums-founder-faces.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1640373376920301568#m

R to @TheHackersNews: #BreachForums was created in March 2022 as a marketplace for trading hacked or stolen data, including bank account info, Social Security numbers, #hacking tools, and databases with personally identifying information (PII).

It appears that #BreachForums may be permanently offline.

#FreePompompurin

"Federal agents have arrested a Peekskill, New York, man they say ran the notorious dark web data-breach site “#BreachForums” under the name “#Pompompurin.”'

https://news.bloomberglaw.com/privacy-and-data-security/dark-web-breachforums-operator-charged-with-computer-crime

Referenced link: https://thehackernews.com/2023/03/pompompurin-unmasked-infamous.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/03/pompompurin-unmasked-infamous.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1636972309775802369#m

Busted! "Pompompurin" unmasked!

New York man arrested for running notorious #BreachForums hacking site.

Learn more: https://thehackernews.com/2023/03/pompompurin-unmasked-infamous.html

Dark Web #BreachForums Operator Charged With Computer Crime

cc @PogoWasRight

https://news.bloomberglaw.com/privacy-and-data-security/dark-web-breachforums-operator-charged-with-computer-crime