In a cross-border law enforcement operation, led by the FBI and DOJ, the notorious cybercrime forum BreachForums has been shut down.
Before it was blocked, the site was popular from mid-2023 to May 2024 as a platform for leaking and selling illegally obtained business data to cybercriminals.
While this takedown is clearly a win for law enforcement, new sites appeared to replace BreachForums’ predecessors when they were removed. Hacking platform RaidForums was operational from 2015 to 2022, also offering stolen corporate data before it was seized by law enforcement.
Just hours after BreachForums was taken down, another cybercrime group said they would be looking to launch a new platform that carries on the work of BreachForums. When one cybercriminal site falls, it is common for a new platform to take its place relatively quickly.
“BreachForums is under the control of the FBI. This website has been taken down by the FBI and DOJ with assistance from international partners,” said the message on the BreachForums domain.
As before, cybercriminals will continue to create new platforms where stolen data can be traded, with international law enforcement agencies following closely behind to stop their work. According to the FBI, the backend of the site is currently being reviewed and they have called on anyone with more information on the criminal activities to speak to them as soon as possible.
A Telegram group controlled by the admin of BreachForums was also taken down by the FBI, indicating that communication between the cybercriminals may have been disrupted. BreachForums and its predecessors have hosted several high-profile sets of stolen data, including information from the FBI’s InfraGard database containing more than 80,000 members and healthcare data related to more than 50,000 people from health insurance marketplace DC Health Link.
In October, genetic testing company 23andMe confirmed a hack in which data from millions of users had been stolen. It was reported that hackers posted an initial data sample on BreachForums, claiming it contained 1 million data points about Ashkenazi Jews. Users of Chinese descent were also impacted by the leak, with thousands of people affected.