ShinyHunters Resurrect BreachForums Shortly After FBI Takedown

The famous (rather, infamous) dark web site BreachForums comes alive as the notorious ShinyHunters resurrect it. BreachForums went down after FBI’s action, but the efforts seem to go in vain.

BreachForums Comes Backs As ShinyHunters Resurrect It

Shortly after going down, BreachForums comes live again – even before people could actually celebrate (or mourn, depending on your preferences) its demise.

As reported recently, BreachForums is back up as the infamous hacker group ShinyHunters decided to resurrect it.

The site enjoyed tremendous popularity in the dark web realm, offering users a platform for all sorts of hacking and criminal discussions. It became even more popular after another similar, RaidForums, was taken down by the Federal Bureau of Investigation (FBI) in 2022.

However, like any other criminal site, the FBI kept on hunting for BreachForums, taking some prompt actions in 2023. Nonetheless, BreachForums revived under the ownership of ShinyHunters and a previous admin “Baphomet”.

Eventually, in May 2024, the FBI seized the BreachForums domains and arrested the alleged admin Baphomet.

But things started to appear awkward as soon after the takedown, BreachForums was brought back to life—once again, by ShinyHunters. (Perhaps that might be why the FBI didn’t issue a thorough press release regarding this activity, except for posting a site seizure announcement on BreachForums domains and Telegram channels.)

Soon after the FBI’s activity, the security community could spot the site’s revival, which they ultimately shared via X posts.

Evidently, the ShinyHunters group bragged about their resistance and the takeover of the site’s domain. Though, they confirmed Baphomet’s arrest.

Wait, Is It The Same BreachForums?

BreachForums hasn’t just reappeared on the dark web and Telegram; it also appears visibly on the surface web, asking for login credentials to enter the site. However, there remains suspicion as some doubt the site is a Honeypot.

Nonetheless, the site even seems active as ShinyHunters began posting breached records on the site. The recent breaches (according to the posts) impact TicketMaster and Shell.

Though, their remain speculations about the legitimacy of these two breaches. Here is a wonderful analysis of the recent BreachForums posts from “CyberKnow” regarding how this could be nothing but an attention-grabbing move from the threat actors, possibly posting previously breached data. (Both Ticketmaster and Shell have previously suffered data breaches.)

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil