BreachForums, an online bazaar for stolen data, seized by FBI

The front page of BreachForums.
Enlarge / The front page of BreachForums.
reader comments 20

The FBI and law enforcement partners worldwide have seized BreachForums, a website that openly trafficked malware and data stolen in hacks.

The site has operated for years as an online trading post where criminals could buy and sell all kinds of compromised data, including passwords, customer records, and other often-times sensitive data. Last week, a site user advertised the sale of Dell customer data that was obtained from a support portal, forcing the computer maker to issue a vague warning to those affected. Also last week, Europol confirmed to Bleeping Computer that some of its data had been exposed in a breach of one of its portals. The data was put up for sale on BreachForums, Bleeping Computer reported.

On Wednesday, the normal BreachForums front page was replaced with one that proclaimed: “This website has been taken down by the FBI and DOJ with assistance from international partners.” It went on to say agents are analyzing the backend data and invited those with information about the site to contact them. A graphic shown prominently at the top showed the forum profile images of the site's two administrators, Baphomet and ShinyHunters, positioned behind prison bars.

The FBI also created a dedicated subdomain on its domain that said: “From June 2023 until May 2024, BreachForums (hosted at and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services.” The page provided a form that visitors could fill out to provide tips. At the time this post went live, was not available.


The FBI and the Department of Justice declined to comment.

The action on Wednesday is the second time within a year that the online data bazaar has been taken down by law enforcement. Last June, a different domain used to host the site was seized three months after the FBI arrested its alleged founder and operator. Conor Brian Fitzpatrick, then 21 years old, pleaded guilty to multiple charges. In January, he was sentenced to 20 years of supervised release. Prosecutors said that under Fitzpatrick, BreachForums had provided access to the personal information of millions of US citizens.

Shortly after the June takedown of the site, a new individual stepped forward and revived the forum by hosting it on a new domain, which the FBI said had changed three times. This time around, the FBI also seized the official BreachForums Telegram channel and a second one belonging to Baphomet. Both channels displayed the same graphic appearing on the newly seized BreachForums site. It’s not clear how authorities took control of the Telegram channels.

The claim that authorities have access to the BreachForums’ backend data raises the possibility that they are now in possession of email addresses, IP addresses, and other data that could be used to prosecute site users.

In 2022, the FBI seized RaidForums, another site for buying and selling malware and compromised data.

Listing image by Shutterstock