Popular Cyber Crime Forum Breach Forums Seized by Police

The FBI and the Department of Justice (DoJ) have seized the infamous cybercrime and hacker forums Breach Forums. This breaking development occurred just an hour ago when the forum’s homepage was replaced by a message from the authorities announcing the seizure.

This seizure differs from previous ones, as Hackread.com can confirm. Authorities have not only managed to take over Breach Forums’ clear net domain, but they have also seized its Escrow domain and dark web domain accessible through the Tor browser.

“Breach Forums is under the control of the FBI. The website has been taken down by the FBI and DoJ with assistance from international partners. We are reviewing the site’s backend data. If you have information to report about cybercriminal activity on BreachForums, please contact us.”

FBI on Breach Forums

Since this was an international law enforcement operation, the countries involved included New Zealand, Australia, the United Kingdom, Switzerland, Ukraine, and Iceland.

Screenshot: Hackread.com

Furthermore, the FBI has taken over additional communication channels associated with the forum. This includes the official Telegram account of the forum @Breachforums, the group chat Telegram account @Baphchat, and the official Telegram group used by its main administrator Baphomet @OfficialBaphomet to announce critical updates.

“This Telegram chat is under the control of the FBI. The BreachForums website has been taken down by the FBI and DOJ with assistance from international partners. We are reviewing the site’s backend data. If you have information to report about cybercriminal activity on BreachForums, please contact us.”

FBI on Telegram

Screenshot: Hackread.com

****Arrest Made?****

As of now, the FBI and the DoJ have not disclosed any details regarding arrests. However, ShinyHunters confirmed to Hackread.com that Baphomet is one of the administrators who was arrested and shared Breach Forums’ credentials with the authorities.

****History of Breach Forums After Raid Forums****

Breach Forums drew inspiration from the now-seized Raid Forums (RF), which was created and administered by Omnipotent, also known as Diogo Santos Coelho. Following the shutdown of Raid Forums, a member known as “Pompompurin” created a new version, opting to name it Breach Forums instead of continuing Raid Forum’s legacy.

After a brief period of success, Breach Forums met the same fate as Raid Forums when it was taken down by the FBI. Its administrator, Pompompurin, also known as Conor Brian Fitzpatrick, was arrested in New York.

It’s noteworthy that while Coelho continues to face legal battles in the United Kingdom, Fitzpatrick was charged and received a 20-year supervised sentence.

In June 2023, Hackread.com exclusively reported on the revival of Breach Forums under the leadership of ShinyHunters, a highly notorious hacker group. Since then, the group has been operational, making headlines for several high-profile data breaches and leaks. Notable incidents include:

• Dell
• AT&T
• Acuity
• Europol
• Space-Eyes
• Home Depot
• Robert Half
• Hathway ISP
• LA Intl. Airport
• Weee! Grocery
• General Electric
• Facebook Marketplace
• HSBC & Barclays Banks
• Cybersecurity firm Zscaler

and 100s of others.

Narayana Pappu, CEO at Zendata, a San Francisco-based provider of data security and privacy compliance solutions commented on the seizure stating, “It is highly likely that the forum will eventually reappear under the same or different name. As far as the previously stolen data leaked on the site, I expect that multiple local copies of it have been downloaded by actors participating in the forums, so there’s continued exposure. Beyond that, the forum operators may have backups of this information, unless the FBI/DOJ also got the operators/backups,“ Narayana explained.

“Most people participating in these forums are fairly sophisticated and would have protected their identities, however, some folks could be tracked based on their IP addresses, telegram account information, email addresses, etc… Therefore, this will likely be a deterrent to some extent.“

Nevertheless, Hackread.com is closely monitoring the situation. Once there is an official update from either of the agencies involved, this article will be updated accordingly with the latest information.

1. Finnish Dark Web Marketplace PIILOPUOTI Seized
2. NetWire Malware Site and Server Seized, Admin Arrested
3. Hive Ransomware Gang Disrupted; Servers, Dark Web Site Seized
4. Genesis Market’s Clearnet domain seized; Dark Web site still online
5. WT1SHOP Cybercrime Market Seized by US, Portuguese Authorities