cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

BreachForums seized by global law enforcement, admin arrested

Global law enforcement agencies led by the FBI have taken control of the infamous BreachForums overnight.

user icon Daniel Croft
Thu, 16 May 2024
Breach Forums seized by global law enforcement, admin arrested
expand image

The site seizure occurred overnight, with the BreachForums site and Telegram both displaying messages from the FBI.

“This website has been taken down by the FBI and DOJ with assistance from international partners,” the message said.

“We are reviewing this site’s backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us.”


Attempts to reach BreachForums are met with an FBI banner displaying the message, as well as the Department of Justice emblem and the profile pictures of the two BreachForums admins, Baphomet and ShinyHunters, but edited to appear behind bars.

Moving to the site’s Telegram, which displays a similar seizure message, the FBI is requesting that those with information about some of the criminal activity come forward and let them known on its own Telegram or a dedicated portal.

“The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums,” the dedicated IC3 subdomain said.

“From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services.

“Previously, a separate version of BreachForums (hosted at breached.vc/.to/.co and run by pompompurin) operated a similar hacking forum from March 2022 until March 2023. Raidforums (hosted at raidforums.com and run by Omnipotent) was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022.

“Below is a questionnaire for victims or individuals that have information to assist in any of the investigations against BreachForums v2, BreachForums v1, or Raidforums.

“Please complete all fields of the questionnaire to the best of your ability and the FBI will be in contact with you as soon as possible. If you have any questions, please contact us at [email protected] or t.me/fbi_breachforums.”

Additionally, the seizure message appeared on the Telegram account of Baphomet, which suggests his account and devices have been seized and that they have possibly been arrested.

Prolific threat actor and major Breach Forums user IntelBroker also said that Baphomet had been arrested. The seizure of his accounts and devices would also potentially explain how the FBI took control of the site.

The BreachForums takedown comes less than a week after IntelBroker claimed to have exfiltrated data from Europol, posting a sample to the infamous hacking forum online.

“In May 2024, Europol suffered a data breach and lead to the exposure of FOUO [For Official Use Only] and classified data,” said IntelBroker.

“Compromised data: Alliance employees, FOUO source code, PDFs, Documents for recon and guidelines.”

According to IntelBroker, the Europol agencies that were breached include the CCSE, Cryptocurrencies - EC3, Space - EC3, Europol Platform for Experts, Law Enforcement Form and SIRIUS.

Responding to IntelBroker’s post, Europol released a statement confirming that it was aware of the claims and that it was investigating the incident.

“Europol is aware of the incident and is assessing the situation. Initial actions have already been taken. The incident concerns a Europol Platform for Expert (EPE) closed user group,” Europol said in a statement seen by BleepingComputer.

“No operational information is processed on this EPE application. No core systems of Europol are affected and therefore, no operational data from Europol has been compromised.”

The latest BreachForums takedown is not the first, with law enforcement agencies seizing the site last year, having arrested its old administrator, pompompurin, also known as Conor Brian Fitzpatrick.

Fitzpatrick pleaded guilty to the charges.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.