While consumers are normally the ones worried about their information being exposed in data breaches, it is now the hacker’s turn, as the notorious Breached cybercrime forum’s database is up for sale and member data has been shared with Have I Been Pwned.
Yesterday, the Have I Been Pwned data breach notification service announced that visitors can check whether their information was exposed in a data breach of the Breached cybercrime forum.
“In November 2022, the well-known hacking forum “BreachForums” was itself breached. Later the following year, the operator of the website was arrested and the site seized by law enforcement agencies,” reads the HIBP announcement.
“The breach exposed 212k records including usernames, IP and email addresses, private messages between site members and passwords stored as argon2 hashes.”
Breached was a large hacking and data leak forum notorious for hosting, leaking, and selling data stolen from hacked companies, governments, and organizations worldwide.
After the FBI arrested the site’s admin Pompompurin in March 2023, the remaining administrator, Baphomet, decided to shut the forum down, believing that law enforcement also had access to the site’s servers.
Baphomet later launched a new Breached Forums clone (referred to in this article as BFv2) with another data breach seller known as Shiny Hunters.
A treasure trove of information
The Breached database is currently being sold by a threat actor going by the name ‘breached_db_person,’ who told BleepingComputer they shared the database with Have I Been Pwned to prove its authenticity to potential buyers.
BleepingComputer has also confirmed that known Breached accounts are listed in the shared members table.
Former Breached admin Baphomet has also confirmed the authenticity of the database, warning that its sale is part of a “continued campaign attempting to destroy the community.”
“Not only was the database submitted to HIBP, but it’s being actively sold/leaked by at least one person – even attempting to do so on our forum,” warned Baphomet.
“For that reason I’m sure we’ll see it public soon enough. Judging by the 212k users, this is likely an older database months before the closing of BFv1, seeing that my last backup of the forum has 336k users.”
Other than law enforcement, the seller said that only they, Baphomet, and Pompompurin have possession of the database.
The threat actor says they are selling the Breached database to only one person for $100,000 – $150,000 and that it contains a snapshot of the entire database taken on November 29th, 2022.
BleepingComputer was told that the database is 2 GB and contains all tables, including those for private messages, payment transactions, and the member database.

Source: BleepingComputer
While the FBI already revealed that they gained access to the Breached database when they seized the servers, this data can still be invaluable for cybersecurity researchers and potentially other threat actors.
The seller, breached_db_person, told BleepingComputer that the private message tables contain a number of incriminating details about forum members and that the ‘members’ database contains IP addresses showing that many threat actors do not follow good operational security, as they use residential IP addresses.
The private messages table is valuable as it contains messages sent privately between the different members of the forum, potentially revealing information on past attacks, identities, and other useful information.
Samples of the payments table were shared with BleepingComputer and contain information on payments made to purchase forum ranks (membership levels with additional benefits) and credits (a form of currency used on the forum).
These payments were processed by CoinBase Commerce or Sellix, with the Coinbase transactions including links to order confirmations containing sensitive information, such as cryptocurrency addresses and Coinbase payment IDs.
This cryptocurrency information can be useful to blockchain analytics companies, who can use the cryptocurrency addresses to link threat actors to criminal activity.

Breached and its members have been responsible for a wide range of hacks, extortion attempts, ransomware attacks, and the leaking of stolen data for many companies. These breaches include DC Health Link, Twitter, RobinHood, Acer, Activision, and many more.
Therefore, the private messages could be invaluable for researchers, with the seller stating that they have already been contacted by cybersecurity firms requesting a copy of the data for their own research.
Other threat actors are also showing interest, with the seller saying they received an offer for $250,000.
While it is too soon to tell whether the database will ultimately be sold, even if it is, it would not be surprising for the entire database to be leaked for free in the future.
It is not uncommon for data breaches to first be sold privately and then released later to increase reputation among the data theft community.
Just recently, the seized RaidForums data breach forum also suffered a data breach, and the new BreachedForums clone (BFv2) had its database leaked.