BreachForums seized, but hackers say they will still leak Salesforce data

Law enforcement agencies in the United States and France have seized control of domains linked to the notorious BreachForums hacking forum, commonly used for the leaking of stolen data, and the sale of hacked credentials.

However, observers are warning the takedown - although worthy and laudable - may be more symbolic than final, as a version of BreachForums on the dark web remains active.

If you visit breachforums.hn today you will be greeted by an animated seizure announcement, featuring the logos of the United States Department of Justice, FBI, France’s BL2C cybercrime unit, and Paris Prosecutor’s Office.

Rather than the usual messageboard where cybercriminals traded their wares, the site not points to a specialist subdomain of the website of the Internet Complaint Center (IC3), inviting victims and members of the hacking forums to leave information that could assist in future crackdowns.

Unfortunately, for everyone who isn't a cybercriminal - the underlying Tor-based leak site on the dark web remains active and can continue to be used to expose sensitive data.

Sadly it is also the case that there have been no confirmed arrests of BreachForums administrators announced publicly in co-ordination with the website seizure, although it is - of course - always possible that the backup data seized might contain logs and metadata that could provide clues as to the identities of some of the forum's participants.

A bullish statement issued by the Scattered LAPSUS$ Hunters hacking collective confirmed that the authorities had seized control of BreachForums' domain names and backend servers, alongside backups of its databases stretching back to 2023.

However, the group's statement went on to claim that the seizure would not impact its threat to leak one billion records belonging to Salesforce customers, scheduled for 23:59 EST tonight, 10 October 2025.

On the dark web, Scattered LAPSUS$ Hunters has listed scores of organisations whose Salesforce instances have been breached in recent months, including Adidas, Cartier, Chanel, Cisco, FedEx, IKEA, McDonald’s, Qantas Airways, Toyota, and Walgreens.

For its part, Salesforce has reportedly confirmed that it will not pay a ransom.

What isn't in any doubt is that the authorities have been playing whack-a-mole for some time with hacking message boards like BreachForums. Over the past few years, law enforcement agencies have repeatedly tried - and sometimes succeeded - in disrupting BreachForums and its predecessors. In April 2022, for instance, the US Department of Justice shut down RaidForums and seized its domain, paving the way for BreachForums to emerge.

In March 2023, the forum’s founder Conor "Pompompurin" Fitzpatrick was arrested, and the site temporarily taken offline.

Despite these and other takedowns in its history, BreachForums has repeatedly resurfaced under different domains or backends - highlighting just how resilient underground cybercrime infrastructure can be.