BreachForums, the infamous cybercrime and hacking forum, has returned to the clearnet and dark web within two weeks after the U.S. Federal Bureau of Investigation (FBI) seized control of its infrastructure.
On May 15, 2024, the FBI and Department of Justice (DoJ), with assistance from international partners, took the BreachForums website and Telegram channel offline, displaying a message on both websites that they were now “under the control of the FBI.”
โThis website has been taken down by the FBI and DOJ with assistance from international partners. We are reviewing the site’s backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us,โ the site read.
Besides the above, one of the forum’s admins, Baphomet,ย was arrested in the process. However, ShinyHunters (Shiny), the primary administrator of BreachForums, claimed to escape unharmed, braggingย that none of its members were arrested.
On May 16, 2024, ShinyHunters was said to have regained access to the original clearnet domain (breachforums.st) and other associated clearnet domains, including escrow.breachforums.st, breached.in, and two other parked domains, as well as a new dark-web domain from the law enforcement (via Hackread.com).
This revival was revealed by cybersecurity researchers and dark web trackers,ย Brett Callow,ย Dark Web Informer, andย FalconFeeds.
Adding to the intrigue, a user named ShinyHunters posted for sale a vast 1.3 TB database containing personal details of allegedly 560 million Ticketmaster customers for $500,000.
The database includes full names, including name, address, email, phone number, details of ticket purchases, event information, order details, and the last 4 digits of credit card along with their expiration dates.
Interestingly, visitors to the site are now being asked to create an account to view the content.
It is unclear if the current administrator is the original ShinyHunters hacker who operated on BreachForums.
Also, there is no clarity as to how the hacker managed to get access to the clearnet sites seized by the FBI.
According to Hackread.com, they reclaimed the domain from NiceNIC Group Co. Ltd. – the Hong Kong-based domain registrar, whose details still remain scarce.
Meanwhile, the U.S. DoJ and the FBI have not provided any press releases regarding ShinyHunters’ claims.
The re-emergence of the BreachForums highlights many issues, including failures in the FBI organization’s cybersecurity operations, security vulnerabilities, public perception, and legal and procedural issues.
