Hackers Exposed in Notorious Cybercrime Forum Data Breach

In a surprising twist of events, the notorious hacking forum BreachForums has fallen victim to a data breach. Have I Been Pwned (HIBP), a popular online platform that alerts users to data breaches, has confirmed receiving the breached database, highlighting the ironic fate that has befallen those who once exploited others' information.

"In November 2022, the well-known hacking forum 'BreachForums' was itself, breached," reads the announcement from HIBP. "Later the following year, the operator of the website was arrested and the site seized by law enforcement agencies. The breach exposed 212k records including usernames, IP and email addresses, private messages between site members, and passwords stored as argon2 hashes."

BreachForums was infamous for its role as a hacking and data leak forum, hosting, promoting, and disseminating data pilfered by hackers from various global organizations, governments and companies.

The forum was the hub of underground cybercrime activities until the FBI arrested its administrator, Pompompurin, in March 2023. Following the arrest, the remaining administrator, Baphomet, permanently shut down the website, fearing that its servers were under police scrutiny.

Adding fuel to the fire, Baphomet launched a BreachForums clone which was also subsequently breached. The original BreachForums database is currently being promoted by a threat actor known as "breached_db_person," who supplied the data to HIBP to corroborate the credibility of their claims.

As BleepingComputer reported, Baphomet confirmed the validity of the database, stating that its sale was part of an aggressive campaign to dismantle the community.

"Not only was the database submitted to HIBP, but it's being actively sold/leaked by at least one person - even attempting to do so on our forum," Baphomet said. "For that reason I'm sure we're going to see it public soon enough. Judging by the 212k users, this is likely an older database months before the closing of BFv1, seeing that my last backup of the forum has 336k users."

The seller, claiming to be one of four entities with access to the database - the others being Baphomet, Pompompurin and law enforcement - intends to sell the database to a single buyer for between $100,000 and $150,000.

The database is a time capsule of cybercrime, snapshotting the forum's activities as of November 29, 2022. The data is a treasure trove of information, revealing private messages, IP addresses, and even payment information, recording transactions processed through Coinbase Commerce or Sellix.

Details of cryptocurrency payments are particularly valuable to blockchain analytics firms, who might be able to use them to link crypto wallet addresses to threat actors and criminal activity.

As expected, a leaked database of this caliber can't go unnoticed. Several cybersecurity firms have reportedly taken an interest in acquiring copies of the database for research, while several threat actors have made offers to buy the data. The seller even claims to have received an offer of $250,000.

Currently, the database has an uncertain fate. While it may be sold to a private buyer, the data may also eventually be released to the public for free. In a turn of events that is sure to send shivers down the spines of cybercriminals worldwide, it seems the hunter has become the hunted.