{ "id": "24abe2db-5762-4428-87bc-dd00218932ea", "created_at": "2026-04-06T00:20:16.910903Z", "updated_at": "2026-04-10T03:34:59.49987Z", "deleted_at": null, "sha1_hash": "1f76fbca5a2b84468d69f6353ae60116b0a5b021", "title": "BreachForums Returns Under the Control of ShinyHunters Hackers", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 218874, "plain_text": "BreachForums Returns Under the Control of ShinyHunters\r\nHackers\r\nPublished: 2023-06-13 · Archived: 2026-04-05 20:23:25 UTC\r\nThe return of BreachForums was announced by Baphomet on Telegram, one of the administrators of the original forum.\r\nBreachForums, the well-known cybercrime and hacking forum that was shut down months ago, has reemerged\r\nunder new management. The notorious hacking group ShinyHunters has assumed control of the revived platform,\r\nraising alarm among cybersecurity experts and law enforcement agencies worldwide.\r\nConfirmation of BreachForums’ return under the management of ShinyHunters came through Baphomet, one of\r\nthe administrators of the original forum. Baphomet, who remains an active figure within the hacking community,\r\nannounced the resurgence of BreachForums in a PGP-signed message, leaving little room for doubt about its\r\nauthenticity (It could still be a honeypot).\r\n(Editor’s note: You have been warned – use the forum at your own risk.)\r\nFurthermore, a Telegram account using the alias ShinyHunters (@shinycorp) has emerged alongside Baphomet,\r\ntaking charge of addressing the previous users of BreachForums. The account has already begun disseminating\r\ninformation and updates related to the forum’s operations, attracting attention from both potential members and\r\nconcerned individuals.\r\nhttps://www.hackread.com/breachforums-returns-with-shinyhunters-hackers/\r\nPage 1 of 5\n\nBaphomet’s PGP-Signed message and ShinyHunters on Telegram (Hackread.com)\r\nBreachForums, in its previous incarnation, served as a notorious hub for cybercriminals to exchange stolen data,\r\ndiscuss hacking techniques, and orchestrate illicit activities. The return of the forum, now under the auspices of\r\nShinyHunters, has sent shockwaves through the cybersecurity community.\r\nShinyHunters, a hacking group infamous for their involvement in several high-profile data breaches, has\r\nconsistently targeted organizations to steal sensitive information for monetary gain by selling user data on Clear\r\nand the dark web.\r\nThe resurgence of BreachForums under ShinyHunters’ control has raised concerns about the potential implications\r\nfor global cybersecurity. Law enforcement agencies and cybersecurity experts fear an upswing in cyberattacks,\r\ndata breaches, and the facilitation of illegal activities on the platform.\r\nhttps://www.hackread.com/breachforums-returns-with-shinyhunters-hackers/\r\nPage 2 of 5\n\nThe reincarnation of BreachForums as posted by ShinyHunters (Image: Hackread.com)\r\nAs news of the forum’s return spreads, organizations and individuals are urged to remain vigilant regarding their\r\nonline security. It is crucial to implement strong security measures, regularly update passwords, and exercise\r\ncaution when sharing personal information or engaging in online discussions.\r\nWhat Happened to Old BreachForums?\r\nThe original BreachForums emerged as an alternative to the seized RaidForums but was compelled to cease\r\noperations following the arrest of its owner, Conor Brian Fitzpatrick, also known as Pompompurin or Pom.\r\nFitzpatrick, a 2021 graduate of Peekskill High School, was apprehended by the FBI.\r\nSubsequently, the forum remained offline, prompting its members to convene in a Telegram group named “The\r\nJacuzzi” to discuss the forum’s future. It is important to highlight that the FBI was unable to access the forum’s\r\ndomain, preventing its seizure.\r\nAbout ShinyHunters\r\nShinyHunters have gained prominence for their involvement in high-profile data breaches. They are known for\r\ntargeting various organizations, including large corporations and popular websites.\r\nShinyHunters first gained attention in 2020 when they were linked to a series of data breaches, such as\r\nthe breaches of Tokopedia, a popular Indonesian online marketplace, and Microsoft’s GitHub repository. In\r\nthese incidents, they reportedly accessed and leaked millions of user records.\r\nhttps://www.hackread.com/breachforums-returns-with-shinyhunters-hackers/\r\nPage 3 of 5\n\nThe group gained further notoriety by selling stolen data on underground hacking forums and dark web\r\nmarketplaces. They typically target organizations with large user bases and sensitive data, including personally\r\nidentifiable information (PII), login credentials, and financial details.\r\nWhile the exact identity of ShinyHunters remains unknown, their activities and the scale of the breaches they have\r\nbeen associated with have raised concerns about cybersecurity and data protection.\r\nThe Arrest and Extradition of Alleged ShinyHunters Member\r\nIn June 2022, Hackread.com reported how authorities made an arrest at the Rabat international airport. The\r\ndetainee was identified as Sébastien Raoult, a 21-year-old French citizen from Epinal City, France. Raoult is\r\nbelieved to be a member of the notorious hacking group known as ShinyHunters.\r\nHowever, in January 2023, reports emerged stating that Raoult, also known by the alias Sezyo, had been\r\nextradited to the United States. He appeared in a Seattle federal court and pleaded not guilty to the charges against\r\nhim.\r\nDespite Raoult’s arrest, concerns persist regarding the resurgence of cyber threats associated with the\r\nShinyHunters group. One significant cause for worry is the return of BreachForums, a platform previously\r\nhttps://www.hackread.com/breachforums-returns-with-shinyhunters-hackers/\r\nPage 4 of 5\n\nexploited by the group to trade stolen data. This development poses a substantial cybersecurity threat to\r\nunsuspecting users and businesses.\r\nIn light of the past activities of ShinyHunters, organizations that have been targeted by this group must take\r\nimmediate action to fortify their security systems. Strengthening security measures and implementing robust\r\nprotocols are crucial steps to safeguard user data and prevent future attacks.\r\nRELATED ARTICLES\r\n1. ShinyHunters Hack Google-funded delivery service Dunzo\r\n2. ShinyHunters selling 368m users records stolen from 26 firms\r\n3. ShinyHunters Hack Image stock site 123RF Leak 8.3m user data\r\n4. ShinyHunters leak database of Indian wedding site WedMeGood\r\n5. Raidforums Database Leak: Data of 460,000 Users Dumped Online\r\nSource: https://www.hackread.com/breachforums-returns-with-shinyhunters-hackers/\r\nhttps://www.hackread.com/breachforums-returns-with-shinyhunters-hackers/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.hackread.com/breachforums-returns-with-shinyhunters-hackers/" ], "report_names": [ "breachforums-returns-with-shinyhunters-hackers" ], "threat_actors": [ { "id": "c071c8cd-f854-4bad-b28f-0c59346ec348", "created_at": "2023-11-08T02:00:07.132524Z", "updated_at": "2026-04-10T02:00:03.422366Z", "deleted_at": null, "main_name": "ShinyHunters", "aliases": [], "source_name": "MISPGALAXY:ShinyHunters", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2", "created_at": "2025-10-24T02:04:50.086223Z", "updated_at": "2026-04-10T02:00:03.770068Z", "deleted_at": null, "main_name": "GOLD CRYSTAL", "aliases": [ "Scattered LAPSUS$ Hunters", "ShinyCorp", "ShinyHunters" ], "source_name": "Secureworks:GOLD CRYSTAL", "tools": [], "source_id": "Secureworks", "reports": null }, { "id": "d8dff631-87b0-4320-8352-becff28dbcf1", "created_at": "2022-10-25T16:07:24.565038Z", "updated_at": "2026-04-10T02:00:05.034516Z", "deleted_at": null, "main_name": "ShinyHunters", "aliases": [], "source_name": "ETDA:ShinyHunters", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434816, "ts_updated_at": 1775792099, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/1f76fbca5a2b84468d69f6353ae60116b0a5b021.pdf", "text": "https://archive.orkl.eu/1f76fbca5a2b84468d69f6353ae60116b0a5b021.txt", "img": "https://archive.orkl.eu/1f76fbca5a2b84468d69f6353ae60116b0a5b021.jpg" } }