The seizure comes two days after IntelBroker, a prominent hacker on BreachForums, put up for sale some classified data stolen from one of Europol’s websites.
The FBI’s claim that it is reviewing the hacking forum’s backend data is raising speculation regarding its possession of forum members’ email addresses, IP addresses, and private messages.
“While details are sparse at this time, users of the site will likely have significant concerns over their own operational safety, with the FBI likely in possession of material that could be used to provide attribution of members,” said Michael McPherson, a former FBI special agent and now senior vice president of security operations at ReliaQuest. “Organizations named on BreachForums also may be provided with additional context over material breached on the forum,” he said.
Seized for the second time
This is BreachForums’ second takedown within a year, the first being in June 2023 following the arrest of then-admin Conor Brian Fitzpatrick (aka Pompompurin) in March 2023.
After the arrest, the forum passed into the full ownership of the second admin at the time, Baphomet, who shut it down shortly afterward on suspicion that it had been compromised by authorities. That same month, Baphomet partnered with the hacking group ShinyHunters to reopen BreachForums on a different domain.
“While it is possible that the ShinyHunters group — who have facilitated the restoration of BreachForums after its initial takedown in 2023 — may attempt to restore their services, there will naturally be suspicions over law enforcement compromise; this was a sentiment observed on many cybercriminal sites in the aftermath of LE ops targeting ransomware groups, including Lockbit,” McPherson said.