ShinyHunters revive BreachForums shortly after the FBI’s takedown

3 Min Read

The famous (rather infamous) dark website BreachForums comes to life when the infamous ShinyHunters resurrect it. BreachForums went bankrupt after the FBI’s action, but the efforts appear to have been in vain.

BreachForums returns as ShinyHunters revives it

Shortly after going down, BreachForums comes back live – even before people could actually celebrate (or mourn, depending on your preferences) its demise.

As recently reported, BreachForums is back up and running after the infamous hacker group ShinyHunters decided to revive it.

The site enjoyed enormous popularity on the dark web, providing users with a platform for all kinds of hacking and criminal discussions. It became even more popular after another similar one, RaidForums has been removed by the Federal Bureau of Investigation (FBI) in 2022.

But like any other criminal site, the FBI continued to hunt down BreachForums, seizing a few rapid actions in 2023. Nevertheless, BreachForums was revived under the ownership of ShinyHunters and a former administrator “Baphomet”.

Finally, in May 2024, the FBI came seized the domains of BreachForums and arrested alleged admin Baphomet.

But things started to seem awkward as soon as BreachForums was resurrected after its deletion – again by ShinyHunters. (Perhaps that’s why the FBI hasn’t issued a comprehensive press release about this activity, other than posting a site seizure notice on BreachForums domains and Telegram channels.)

Shortly after the FBI’s activities, the security community was able to notice the resurgence of the site, which they eventually shared through the site X messages.

Apparently the ShinyHunters group bragged about their resistance and taking over the site’s domain. Although, she confirmed Baphomet’s arrest.

See also  Haun Ventures is riding bitcoin high

Wait, is that so? The The same BreachForums?

BreachForums has not only reappeared on the dark web and Telegram; it also appears visibly on the internet and asks for login details to enter the site. However, suspicion remains as some doubt the site is a Honeypot.

Nevertheless, the site appears to be active even when ShinyHunters started posting breached data on the site. The recent breaches (as reported) are having an impact TicketMaster And Shell.

However, speculation remains about the legitimacy of these two breaches. Here is a wonderful analysis of the recent BreachForums posts from “CyberKnow” about how this could be nothing more than an attention-grabbing move by the threat actors, possibly posting previously leaked data. (Both Ticketmaster and Shell have suffered data breaches before.)

Let us know your thoughts in the comments.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *