Administrators of a popular clear web hacking forum say they are rebuilding their entire back end after discovering a PHP exploit.
After an outage lasting more than two weeks, the administrators of a clear web hacking forum have shared a statement explaining the forum’s absence.
Cyber Daily had observed the site was down almost two weeks ago, but since then, the admin team has shared their fears in an undated text post to the site’s previous web address.
“We would like to provide an update on recent events over the past two weeks. In or around April 15, we received confirmation of information that we had been suspecting since day [one] – a MyBB [zero]-day,” a BreachForums spokesman said.
“This confirmation came through trusted contacts that we are in touch with, which revealed that our forum is subject to infiltration by various agencies and other global law enforcement bodies.”
Once the admins learnt of the possible intrusion, they engaged “incident response procedures” after shutting the site down and securing its infrastructure. According to the admins, no user data had been impacted, and the base infrastructure remains secure.
“We would like to sincerely apologise to the community and our staff for the lack of communication and transparency during this time,” the spokesperson said.
“As you can appreciate, given the nature of our work, our priority had to be securing the safety of our infrastructure, staff, and the community above all else. Now that our incident response is complete, we are actively working on a complete rewrite of the forum back end.”
The admins also warned forum users to beware of various copycat forums that have sprung up since the outage.
“We strongly advise against engaging with these BreachForums clones, as they are likely honeypots and cannot be trusted. Please exercise caution and be discerning in whom you trust and which services you use,” the spokesperson said.
Despite rumours to the contrary, the spokesperson also denied that any BreachForums members had been arrested.
Despite this statement, it is worth noting that on one such clone, the alleged owner of the new forum has stated that they no longer trust the current admins.
“It has come to my attention that [URL] infrastructure was compromised through a [zero]-day PHP exploit,” said a user posting under the name Momondo.
“Following this security breach, and after careful personal reflection, I have decided to step down from the current team. I no longer feel confident in the current leadership and operational security measures, and I believe that continued involvement would not align with my personal values or standards for responsible forum management.”
Momondo declared that they were planning on reinstating BreachForums “under new management”.
Members of BreachForums have been responsible for a wide range of data breaches impacting major organisations at home and abroad. BreachForums member IntelBroker – who was the apparent owner of the forum until he resigned from the role in January 2025 – has posted data stolen from several high-profile organisations, such as Hewlett Packard Enterprise and Amazon, while Australian organisations allegedly compromised by BreachForums users include Protecta Australia and Sumo.
BreachForums has been seized by law enforcement operations in the past but has always sprung back into action shortly after.
UPDATED 01/05/25 to add commentary from Momondo.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.