To get the full history of BreachForums, we first need to discuss the fall of the popular hacking forum RaidForums. This forum was established in 2015, as a dark web forum that offered leaked data, hacking tutorials, and illicit discussions until it was taken down in April 2022 by law enforcement efforts coordinated by Europol.
Just three weeks after RaidForums was seized, Pompompurin, a threat actor who had been very active on RaidForums, decided to officially replace the hacking forum with an alternative forum on the dark web, called BreachForums. Those who are familiar with Raidforums will notice that BreachForums has a very similar design and structure.
In its first six months, BreachForums has become one of the most popular platforms for hacking discussions, including the trade of leaked data, with more than 255K registered users today.
BreachForums is usually used as a platform for users to share and trade hacking tools, exploits, vulnerabilities, phishing kits, etc. Users also use the forum to trade all sorts of leaked and stolen PII such as databases, documents, and compromised accounts, like email addresses, domains, and credit cards.
Below are two examples of common illicit topics discussed on BreachForums:
The next example is a post we found on BreachForums that offers for sale a scam page that looks identical to the official Uber page in Canada. This phishing page is used by threat actors to deceive Uber customers into entering their sensitive data such as credit card details into a system they created – placing it right into cybercriminals’ hands.
In July 2022, a hacker group called Desorden claimed responsibility for a data breach of Better Way Thailand Company Limited (Mistine), a personal care products and cosmetics distributor. Below you can find the post where the group is offering 19.9 million personally identifiable records belonging to the Thai company’s customers, which includes ID numbers, names, addresses, contact details, passwords, etc.
Over the past years, we have seen an upward trend in these types of leaked data on dark web forums.
Currently, there is no need to create a user in order to gain access to the BreachForums. However, there are premium sections and posts where the content is restricted and only available to registered users. Some of the content can only be accessed by paying users.
The platform is using credits to reward users for their contributions. Credits can also be purchased and then used to spend on unlocking hidden content such as leaked databases and compromised accounts. The purpose of this policy is to increase the level of engagement of users and to grow the trade of illegal content.
The next image shows an example of restricted content on BreachForums that can only be accessed with credits:
BreachForums is just one of the hundreds of dark web hacker forums we monitor here at Webz.io. With the wealth of illicit content daily traded on this forum, cyber threat and intelligence organizations will need to monitor this forum in 2023. Tracking this forum together with other illicit content from deep and dark web marketplaces, forums, and chat applications, will help enterprises and organizations detect cyber threats to their business, data, and employees.
Click to Open Code Editor