Article Details
Scrape Timestamp (UTC): 2024-05-29 07:18:28.402
Source: https://thehackernews.com/2024/05/breachforums-returns-just-weeks-after.html
Original Article Text
BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?
The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure.
Cybersecurity researchers and dark web trackers Brett Callow, Dark Web Informer, and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters, who has since offered for sale a 1.3 TB database containing details of allegedly 560 million Ticketmaster customers for $500,000. This includes full names, addresses, email addresses, phone numbers, ticket sales and event information, and the last four digits of credit cards and their associated expiration dates.
However, in an interesting twist, visitors to the site are now being asked to sign up for an account in order to view the content.
The development follows a joint law enforcement action that seized all the new domains belonging to BreachForums (breachforums[.]st/.cx/.is/.vc), while also hinting that the site administrators Baphomet and ShinyHunters may have been arrested. The operation also resulted in the seizure of the Telegram channel operated by Baphomet, with the U.S. Federal Bureau of Investigation (FBI) noting that it's reviewing the site's backend data.
It's not currently clear if the individual(s) using the ShinyHunters persona on BreachForums is the original ShinyHunters hacker. Also unknown is how they came to be in possession of one of the clearnet sites seized by the FBI, although Hackread.com reported that they reclaimed the domain from domain registrar NiceNIC. However, the possibility that it may be a honeypot has not been lost on members of the cybersecurity community.
BreachForums emerged in March 2022 in the aftermath of the shutdown of RaidForums and the arrest of its owner "Omnipotent." It was dismantled in mid-June 2023, after which it was revived by Baphomet and ShinyHunters to launch a new site under the same name.
Both the U.S. Department of Justice (DoJ) and the FBI have yet to comment on the takedown, or the re-emergence of the forum for that matter.
Daily Brief Summary
BreachForums, a notorious online marketplace, has resurfaced two weeks after a major FBI-led seizure of its domains and infrastructure.
A user named ShinyHunters has listed for sale a 1.3 TB database on the new site, claiming it contains personal data of 560 million Ticketmaster customers.
The data for sale reportedly includes customers' full names, addresses, emails, phone numbers, ticket sales, event information, and partial credit card details.
Following the seizure, new accounts are now required to access content on the site, raising suspicion among cybersecurity experts about a possible honeypot operation.
The individual(s) behind the ShinyHunters persona may not be the original hacker known by that name, and their acquisition of the domain post-seizure remains uncertain.
The FBI is currently reviewing the site’s backend data following the operation; the outcomes and implications of this investigation are still pending.
The reestablishment of BreachForums raises concerns about the ongoing challenges in permanently dismantling cybercriminal networks.