The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure.
Cybersecurity researchers and dark web trackers Brett Callow, Dark Web Informer, and FalconFeeds revealed the site’s online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters, who has since offered for sale a 1.3 TB database containing details of allegedly 560 million Ticketmaster customers for $500,000.
This includes full names, addresses, email addresses, phone numbers, ticket sales and event information, and the last four digits of credit cards and their associated expiration dates.
However, in an interesting twist, visitors of the site are now being asked to sign up for an account in order to view the content.
The development follows a joint law enforcement action that seized all the new domains belonging to BreachForums (breachforums[.]st/.cx/.is/.vc), while also hinting that the site administrators Baphomet and ShinyHunters may have been arrested.
The operation also resulted in the seizure of the Telegram channel operated by Baphomet, with the U.S. Federal Bureau of Investigation (FBI) noting that it’s reviewing the site’s backend data.
It’s not currently clear if the individual(s) using the ShinyHunters persona on BreachForums is the original ShinyHunters hacker. Also unknown is the manner how they came to be in possession of one of the clearnet sites seized by the FBI, although Hackread.com reported that they reclaimed the domain from domain registrar NiceNIC.
However, the possibility that it may be a honeypot has not been lost among members of the cybersecurity community.
BreachForums emerged in March 2022 in the aftermath of the shutdown of RaidForums and the arrest of its owner “Omnipotent.” It was dismantled in mid-June 2023, after which it was revived by Baphomet and ShinyHunters to launch a new site under the same name.
Both the U.S. Department of Justice (DoJ) and the FBI have yet to comment on the takedown, or the re-emergence of the forum for that matter.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
The Hacker News
