The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning
BreachForums, one of the top marketplaces for stolen data, abruptly shut down on April 15, leaving users reeling from the sudden loss of access to their favorite platform. According to its administrators, the shutdown was prompted by a MyBB 0-day that they say exposed the forum to infiltration by law enforcement agencies.
The news sent shockwaves through the cybercrime community, with rumors abounding about FBI raids and the arrest of the administrator, Conor Brian Fitzpatrick, known online as "pompompurin." However, in a statement published by BreachForums, administrators confirmed that no arrests had been made and that their infrastructure remained intact.
BreachForums was an English-language cybercrime forum that emerged in March 2022 as a successor to the dismantled RaidForums. It served as a marketplace for threat actors to buy and sell stolen data, hacking tools, and compromised credentials. The forum's administration changed hands multiple times after Fitzpatrick's arrest in March 2023, including to the hacking group ShinyHunters and later to an individual known as "Baphomet."
Despite efforts to keep it operational, BreachForums faced repeated shutdowns and domain seizures by law enforcement agencies, including the FBI. The forum's administrators have long been aware of the risks posed by the platform, but they continued to operate despite these threats.
According to a statement published by BreachForums, the forum ceased operations after the discovery of a zero-day vulnerability in the open-source forum software MyBB that was used by the platform. Law enforcement agencies may have exploited the flaw to infiltrate the forum. "In or around April 15, we received confirmation of information that we had been suspecting since day 1 – a MyBB 0day. This confirmation came through trusted contacts that we are in touch with, which revealed that our forum (http://breachforums.st) is subject to infiltration by various agencies and other global law enforcement bodies."
"Upon learning of this, we immediately took action by shutting down our infrastructure and initiating our incident response procedures," the statement continued. "Our findings indicate that, fortunately, our infrastructure were NOT compromised, and no data was infiltrated." Administrators pointed out that they had begun auditing the MyBB source code and believed they had identified the PHP exploit.
As a result of the shutdown, several alternative forums emerged, some demanding entry fees. This has fueled confusion among users and raised concerns about scams or government-run honeypots. BreachForums administrators have warned users to be cautious and verify trusted sources before engaging with any new platforms.
(SecurityAffairs – hacking, data leak forum)