The personal member data of the BreachForums v1 hacking discussion board from 2022 has been leaked on-line, permitting risk actors and researchers to realize perception into its customers.
A number of boards have operated beneath the identify BreachForums, all dedicated to constructing a group of collectors and risk actors who commerce, sale, and leak information stolen from breached corporations.
The primary data breach discussion board to rise to prominence was RaidForums, and after the FBI seized it in 2022, a risk actor generally known as Pompompurin launched a remake known as BreachForums (aka Breached) to fill the void.
This discussion board shortly rose to prominence, with risk actors proudly leaking large quantities of stolen information, together with information from U.S. Congress’ healthcare supplier D.C. Well being Hyperlink, RobinHood, and Twitter information leaked utilizing an uncovered API.
Nevertheless, quickly after the D.C. Well being Hyperlink information was leaked, the FBI arrested the discussion board’s proprietor Conor Fitzpatrick, aka Pompompurin, in March 2023.
Quickly after, a number of cases of the discussion board have been created and seized by legislation enforcement. The most recent incarnation was launched by ShinyHunters (now handed to new admins) and remains to be in operation right now.
On account of a number of websites utilizing the identical identify, the just lately leaked information is from what we are going to name BreachForums 1.0, the positioning created initially by Fitzpatrick in 2022 and ultimately seized by the FBI in 2024.
BreachForums 1.0 information leaked
Final week, a well known risk actor named Emo leaked the private data of 212,414 members of BreachForums 1.0.
In accordance with Emo, the info comes instantly from Fitzpatrick, who allegedly tried to promote it in June 2023 for $4,000 whereas out on bail. Emo says the info was ultimately bought by three risk actors.
Fitzpatrick was arrested once more in January 2024 for violating the phrases of his pretrial launch situations, together with utilizing an unsupervised laptop and a VPN. It’s not recognized if this was associated to his tried sale of the BreachForums information.
In July 2023, somebody named ‘breached_db_person’ tried to promote the discussion board database for $100,000 – $150,000 on the hacking discussion board.
The vendor additionally shared the for-sale information with Troy Hunt, who advised BleepingComputer it included the identical information leaked by Emo and different database information. Hunt subsequently added the knowledge to the Have I Been Pwned data breach notification service.
Emo advised BleepingComputer that this information is from a November 2022 BreachForums database backup, the final one uploaded to Fitzpatrick’s MEGA account.
The leaked information incorporates a discussion board member’s person ID, login identify, e mail handle, registration IP handle, and the final used IP handle when visiting the positioning.
BleepingComputer has analyzed the database and verified that it incorporates the correct data of many researchers who had accounts on the unique BreachForums.
This information seems to be a handbook export, as it’s not within the MyBB discussion board database format however somewhat exported as tab-separated values.
Whereas it is doubtless that the database is already within the palms of legislation enforcement after the discussion board was seized, this information may nonetheless be useful for security researchers who generally construct profiles of risk actors.
Utilizing the leaked e mail addresses and IP addresses, researchers and legislation enforcement can hyperlink BreachForums members to different websites, their geographic location, and doubtlessly to their actual names.
The RaidForums database, which contained the info of 478,000 members, was equally leaked on-line in Could 2023.