The Shadow of BreachForums: Understanding the Hub of Modern Cybercrime
Users exchanged tools for SQL injection, phishing, and brute-forcing accounts.
and sensitive information from high-profile corporate leaks. breachforum
The forum proved it had lost none of its potency. In mid-2024, the site made international headlines again when threat actors used it to advertise massive datasets allegedly stolen from major entities, including and Santander Bank . The May 2024 Domain Seizure
Exchange of custom scripts, exploits, and malware. The Shadow of BreachForums: Understanding the Hub of
The primary commodity on BreachForums is Personally Identifiable Information (PII)—names, emails, passwords, phone numbers, and Social Security numbers. This data is bought by malicious actors to fuel phishing campaigns, credential stuffing attacks, and identity theft.
Meanwhile, ShinyHunters—the group that once controlled the forum—has publicly disavowed the current operators. "BreachForums had effectively ceased being run by us after the FBI's seizure of the site on October 10, 2025," the group claimed in a message, branding the currently active BreachForums-branded sites as "fake". ShinyHunters has threatened to leak additional backups, including private messages and IP addresses, if the impostor forums remain online. In mid-2024, the site made international headlines again
This report is for informational purposes only and should not be used for any other purpose.