FBI and French Police Shutter BreachForums Domain Again

The FBI and our partners have seized domains associated with BreachForums, a major criminal marketplace used by ShinyHunters, Baphomet, and IntelBroker to traffic stolen data and facilitate extortion. This takedown removes access to a key hub used by these actors to monetize intrusions, recruit collaborators, and target victims across multiple sectors. It demonstrates the reach of coordinated international law enforcement operations to impose cost on those behind cybercrime.

A separate PGP-signed statement from ShinyHunters, reposted by SOCRadar, claimed the Feds have also seized every database backup for the BreachForums site since 2023, and that all escrow databases have been compromised. The backend servers have been destroyed, it added. “BreachForums is never coming back; if it comes back, it should immediately be considered a honeypot,” the statement continued.

However, the seizure of backups could help law enforcers with other investigations, said AppOmni chief security officer, Cory Michal. “If that’s accurate, it’s interesting because it means investigators now have access to historical user data, including registration details, IP logs, private messages, and transaction records from one of the most active criminal communities over the past few years,” he added. “That level of visibility can directly aid in mapping relationships, attributing aliases to real identities, and building stronger criminal cases against repeat offenders. It’s not just a domain seizure; it’s potentially a treasure trove of evidence to further the investigation.”

Victims were either targeted via a vishing campaign in which they were tricked into downloading a malicious version of Salesforce’s Data Loader app, or compromised via OAuth tokens associated with the third-party Salesloft Drift application.

To read the complete article see: Infosecurity Magazine

This post is licensed under CC BY 4.0 by the author.