The website and Telegram page for the notorious BreachForums platform, a popular bazaar for stolen data and cybercriminal tools, appears to have been seized. On Wednesday morning, the BreachForums website was replaced by a takedown banner featuring the insignias of the FBI and Justice Department, as well as international agencies like the U.K.’s National Crime Agency (NCA) and others in Australia, New Zealand and Switzerland. “This website has been taken down by the FBI and DOJ with assistance from international partners,” the notice says. “We are reviewing the site's backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us.” The FBI did not respond to requests for comment and the DOJ declined to comment. The agencies also created a website where people involved in BreachForums can come forward to share evidence. On that page, the FBI said BreachForums has been run by a threat actor known as ShinyHunters since June 2023 and has been a “clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services.” Another version of BreachForums was taken down by law enforcement last year, and its operator was arrested in a raid on his parents’ New York home. He pleaded guilty to numerous charges and was sentenced to 20 years of supervised release in January. Almost immediately after the takedown, a new person going by “Baphomet” took over the platform and pledged to create a new version of it. Baphomet’s Telegram channel was also taken over by the FBI on Wednesday, with a notice saying the FBI and DOJ are “reviewing the site's backend data.” A notice on Telegram claiming that Baphomet's channel was seized by the FBI. In each notice, the FBI and DOJ urge victims and others to contact them with any information about the platform or the harms caused. The Justice Department last year accused the platform’s previous administrator of providing access to the sensitive personal information of millions of U.S. citizens. The FBI noted on its victim reporting form that BreachForums was preceded by Raidforums — which operated from early 2015 to February 2022 before it was taken down by law enforcement and its administrator was detained.
Get more insights with the
Recorded Future
Intelligence Cloud.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.