An individual claiming to be the infamous hacker ShinyHunters has said that the old domain is no longer under their control.
The previous administrator of popular clear web hacking community BreachForums has said the forum’s previous domain is currently not in their control and that a change in ownership is on the cards.
“We are ShinyHunters and would like to inform all media and interested parties that we no longer have access to the breachforums.** domain,” Cyber Daily was told overnight via an email purporting to be from a hacker known as ShinyHunters and originating from a BreachForums domain.
“Going forward, we will consider transferring ownership to the individual known as Momondo, who will be responsible for the new domain: breachforums.**.
“We support Momondo in his efforts to revive BreachForums and will continue to assist in its rebuilding and administration.”
Over on the new domain, a user under the name Momondo – who is already claiming to be the new forum’s owner – said in a post dated 5 May that they, too, were looking for a new owner.
“We are currently seeking a new owner for BreachForums,” Momondo said.
“Due to time constraints and other commitments, the current team is no longer able to dedicate the necessary attention to advertising, community engagement, and forum moderation.”
After listing the responsibilities of the role – moderating and managing the forum’s community, advertising, and maintenance – Momondo said this was “a significant opportunity for someone interested in managing and growing an established platform”.
The story so far
BreachForums has gone through several iterations since it was first formed in early 2022, mostly due to law enforcement action. Every time the site has been taken down or seized, it has been able to pop up under a new domain and continue conducting criminal business as usual.
The most recent disruption, however, has led to some apparently conflicting reports.
The previous domain had been down for most of April before the site’s admins posted a text message warning that they had detected possible law enforcement activity within the site’s back end.
“We would like to provide an update on recent events over the past two weeks. In or around April 15, we received confirmation of information that we had been suspecting since day [one] – a MyBB [zero]-day,” a BreachForums spokesman said in a recent, undated update.
“This confirmation came through trusted contacts that we are in touch with, which revealed that our forum is subject to infiltration by various agencies and other global law enforcement bodies.”
Cyber Daily reported on this update on 1 May, and the site’s copy remains unchanged, with one passage in particular warning forum users of possible law enforcement honeypots.
“Finally, we would like to address the growing number of BreachForums clones and the various rumors circulating about us and our administrators,” the update said.
“We want to reassure everyone that no members of our team have been arrested, and as previously mentioned, our infrastructure remains secure. We strongly advise against engaging with these BreachForums clones, as they are likely honeypots and cannot be trusted. Please exercise caution and be discerning in whom you trust and which services you use.”
Hacker drama
The owners of the new BreachForums domain have set up a Telegram chat channel on the side, and one user already suspects that the new domain is just that – a honeypot being run by a law enforcement operation.
One thing suggesting the new domain may not be what it seems is the low number of posts. Many sections have zero posts, while the most active – the Announcements section – has only eight since 25 April, and that’s an announcement from Momondo claiming that the “forum is back with the original team behind BreachForums”.
On 25 April, Momondo posted again, claiming that ShinyHunters may have been compromised.
“I have made multiple attempts to contact ShinyHunters, but have received no response,” Momondo said.
“Additionally, their Telegram channel now redirects to the FBI, indicating that their infrastructure may have been seized. Please be aware and exercise caution.”
So, what’s the actual truth? There is every possibility that at least one entity involved in this back-and-forth is a law enforcement operation. At the same time, criminals are, by nature, a paranoid lot, and probably with good reason.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.