BreachForums Resumes Operations After FBI Takedown
Earlier this month, the FBI seized the domains of the hacker forum BreachForums (also known as Breached) for the second time. This forum was a marketplace where hackers sold stolen data to other cybercriminals. However, the site returned online just a couple of weeks later and now appears to be under the control of ShinyHunters, one of BreachForums’ former administrators.
Not only did ShinyHunters restore the site, but they also put up for sale a 1.3 TB database containing data on 560 million customers of Ticketmaster, one of the largest ticket sales services in the US. The data dump is being offered for $500,000. Previously, this database was listed for sale on the Russian-language hacker forum Exploit.
According to the hackers, the dump contains users’ full names, addresses, email addresses, phone numbers, ticket sales and event information, as well as the last four digits and expiration dates of associated bank cards.
Background: Law Enforcement Actions and Forum Shutdown
BreachForums’ website and Telegram channel were shut down by law enforcement on May 15, 2024, with warnings posted stating that the resources and all backend data were now “under FBI control.” The seizure notice included two images from the profiles of site administrators Baphomet and ShinyHunters, with their avatars shown behind prison bars.
This led many to speculate that Baphomet and ShinyHunters had been arrested, although authorities have not officially confirmed this. Law enforcement also took over Baphomet’s personal Telegram channel, posting messages confirming it was under their control.
However, it appears ShinyHunters managed to avoid arrest. The ShinyHunters team recently announced they were unharmed and boasted that none of their members had been detained. According to Hackread.com, which interviewed a ShinyHunters representative, the hackers allegedly regained access to BreachForums and a new darknet domain just one day after the FBI operation. The US Department of Justice and FBI have not made any official statements on the matter, and the FBI declined to comment on arrests or the possible revival of BreachForums.
Expert Commentary on the Forum’s Return
The Register quoted Austin Berglas, a former assistant special agent in charge of the FBI’s New York cyber division, who helped take down the LulzSec group and participated in the closure of Silk Road. Berglas commented:
“The return of BreachForums is not surprising. Completely dismantling an organized cybercriminal group is extremely difficult. Ensuring that everyone with access is in custody and inactive, and identifying and seizing all critical infrastructure—including financial, technical, and communications systems—is necessary to eliminate and severely limit the possibility of a comeback. While law enforcement can seize the main domain(s) and related servers, there may be unknown backup servers and domains that can be activated if needed. Previously unidentified individuals may also have administrative or technical access that can be used after a seizure.”
Previous Seizures and Arrests
Last summer, authorities had already seized BreachForums’ domains and arrested the site’s administrator, Conor Brian FitzPatrick (also known as Pompompurin). He later pleaded guilty to several charges and, in January 2024, was sentenced to 20 years of supervised release. Prosecutors stated that under FitzPatrick’s management, BreachForums facilitated the leak of personal information belonging to millions of US citizens.