BreachForums Returns Weeks After FBI Shutdown

Just weeks following a major takedown by U.S. authorities, the notorious online marketplace known as BreachForums has made a surprising comeback, raising questions about cybersecurity and law enforcement’s effectiveness in curbing illegal online activities.

The Unexpected Return

Originally shut down by a coordinated law enforcement effort involving the U.S. Federal Bureau of Investigation (FBI), the platform was thought to be out of operation for good. However, the online community was taken aback when BreachForums reappeared on the web, now hosted at one of its previous addresses — breachforums[.]st. 

This revival was publicized by well-known figures in cybersecurity, including Brett Callow, Dark Web Informer, and FalconFeeds. Adding to the intrigue, a user going by the name ShinyHunters, potentially not the original hacker known by this moniker, has posted for sale a vast database containing personal details of 560 million Ticketmaster customers.

Priced at a staggering $500,000, the database includes sensitive information such as full names, addresses, emails, phone numbers, details of ticket purchases, event information, and partial credit card numbers along with their expiration dates. Interestingly, site visitors are being asked to create an account to view the content.

A Honeypot or Not?

The return of BreachForums under suspicious circumstances has sparked a debate among cybersecurity experts about the possibility of the site being a honeypot set up by authorities intended to monitor and trap unwary criminals who might think the platform is still a safe haven for their activities.

Breach Forum’s clearnet site is back. Honeypot?

Today, ShinyHunters in the chat group hinted directly at regaining control of the domain.#Cti #Cyberattack #Darkweb pic.twitter.com/nDU25y2NGT

— FalconFeeds.io (@FalconFeedsio) May 28, 2024

This twist follows the recent seizure of new domains previously associated with BreachForums and the apprehension of its supposed administrators, known in the digital underworld as Baphomet and ShinyHunters. Further actions saw the takedown of a related Telegram channel, signaling a broad and ongoing effort against cybercriminal infrastructure.

Implications for Cybersecurity

BreachForums’ reemergence highlights significant challenges in the fight against online crime. It raises critical questions about the security of domain registrars and the methods employed by cybercriminals to reclaim seized assets. Hackread reports that the domain was taken back from the registrar NiceNIC, though details remain scant.

Both the Department of Justice (DoJ) and the FBI have remained silent on the latest developments. The situation highlights a dynamic battleground in cybersecurity, with each side continually adapting to the other’s moves. It is clear that the battle between cybercriminals and law enforcement is far from over. Which side will gain the upper hand? Only time will tell.