{
	"id": "4b1fd5ce-2d2b-4a34-873d-6ca7ccbd0b1f",
	"created_at": "2026-04-09T02:22:36.781922Z",
	"updated_at": "2026-04-10T03:34:59.528219Z",
	"deleted_at": null,
	"sha1_hash": "2ed70c9d9868545e01076c8c254ad209e19ce35e",
	"title": "Confused about the drama with the new BreachForums? Reading this will either help you or make your head spin. - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 84719,
	"plain_text": "Confused about the drama with the new BreachForums? Reading\r\nthis will either help you or make your head spin. -\r\nDataBreaches.Net\r\nPublished: 2023-06-22 · Archived: 2026-04-09 02:07:31 UTC\r\n[Please see corrections at end of post.]\r\nOver the past week, DataBreaches has been contacted by a few journalists who have been somewhat\r\nunderstandably confused about the situation with the original BreachForums and a new forum calling itself\r\nBreachForums. And from reading news reports this week, I see that some journalists are making errors, so this\r\npost is as much for those wishing to report on BreachForums as much as to provide an update as to what has\r\nevolved into a bit of a soap opera.\r\nFirst things first and no disrespect intended: just because a forum calls itself “BreachForums,” it does not mean it\r\nis really the resurrection or reappearance or “resurfacing” of any earlier forum called “BreachForums.”  Sadly, I\r\nthink that despite good intentions, the new “BreachForums” forum has created a lot of confusion by calling itself\r\n“BreachForums,” and writing “welcome back to Breachforums” in its announcement.  Then again, maybe the\r\nusers understand and it’s just us journalists who get confused. 🙂\r\nBut to prevent confusion, I suggest that from now on, we talk about “BreachedVC”  (the forum owned by\r\nPompompurin that called itself “BreachForums” but was on the breached.vc domain) and “BreachForumsVC”\r\nwhich is the new forum owned by ShinyHunters that also calls itself “BreachForums” but is on\r\nbreachforums.vc. \r\nEven though BreachForumsVC looks a lot like BreachedVC looked and even though it may use some of the coding\r\nfrom BreachedVC, it is not really a clone and needs to be assessed and evaluated in its own right and for its own\r\nreputation. \r\nA Bumpy Grand Opening\r\nBreachForumsVC has been dealing with somewhat to-be-expected glitches and challenges. 
To get the new forum\r\nup and running, a decision was made to temporarily use MyBB, but ShinyHunters claims they are recoding the\r\nwhole forum and will have it done by sometime in July at the latest.\r\nIn the meantime, some users’ anxiety that BreachForumsVC might be a honeypot or federally controlled was\r\nfueled by some messages that have shown up on BreachedVC warning people about any forum calling itself\r\n“BreachForums.” The warnings quote from an earlier warning by Baphomet after BreachedVC’s owner was\r\narrested but also include a note that BreachForumsVC has already been hacked.\r\nhttps://www.databreaches.net/confused-about-the-drama-with-the-new-breachforums-reading-this-will-either-help-you-or-make-your-head-spin/\r\nPage 1 of 6\n\nMessages posted on Breached.vc: Any forums claiming to be \"Breached\" or \"BreachForums\"\r\nshould be used with caution. BreachForums will never return.\r\nhttps://databreaches.net/breachforums-down-and-will-not-be-back/ \"Again, the Breached forum will\r\nnot be coming back. If it's back for any reason, you need to assume that is an attempt to target our\r\nusers and is not safe.\" - https://baph.is/updates/safe.txt.asc (Archive) BreachForums clone has\r\nalready been hacked. Do not trust websites impersonating, as said multiple times it wont be\r\nreturning. (links to hacked user db)\r\nMessages have appeared on the website for BreachedVC warning people not to trust any forum\r\ncalled BreachForums. Links to leaked user database redacted by DataBreaches.net.\r\nThe messages on BreachedVC with pages created on the server about individuals known to the community left\r\nmany people with questions about who has access to the BreachedVC server and whether they could trust\r\nBreachForumsVC.  
The breached.vc domain was never seized by law enforcement (or if it was, they never\r\nannounced it), but law enforcement may have access to it.\r\nBaphomet, the administrator under BreachedVC and now an administrator for BreachForumsVC, attempted to\r\naddress the warning messages, writing that the control of the page appears to be in government hands or hands\r\nassociated with the government and the messages are intended to create distrust of the new forum. DataBreaches\r\nagrees that the intent of the messages appears to be to create distrust of the new forum, but remains unconvinced\r\nas to who is responsible for the messages and new pages.\r\nBreachForumsVC Under DDoS Attack by Impotent\r\nAs reported previously, “Impotent” of Exposed.vc quickly went from claiming that he would never close his\r\nforum even when ShinyHunters’ forum opened to claiming that his forum was up for sale because he didn’t have\r\nenough time to maintain it. In short order, that pronouncement was followed by (1) claims by others that he was\r\nscamming potential buyers and then (2) claims by yet others that the sale was a cover-up for the fact that\r\nExposed.vc had been hacked by OnniForums.\r\nAnd if that wasn’t enough to make some heads spin, we would later learn that Impotent was simultaneously\r\nDDoSing and attempting to extort ShinyHunters to give him 50% ownership in BreachForumsVC. Shiny refused.\r\n[In the interests of accuracy, DataBreaches notes that after this site’s previous reporting on Impotent, he contacted\r\nthis blogger on Telegram to say there was a lot wrong in the reporting.  DataBreaches asked him twice to indicate\r\nwhat he claimed was inaccurate so that we could issue a correction if one was needed or address his complaint,\r\nbut he never responded. 
For those keeping track, his @ImpotentDude account became “Hriste Boze,” and then\r\n“Deleted Account.” Since then he has used a variety of usernames, including “Mioko.” The Mioko account has\r\nsince been banned on BreachForumsVC.]\r\nEventually, Impotent, who quickly acquired a negative reputation on BreachForumsVC, claimed that Exposed.vc\r\nwas always intended as just an exit scam to get money from any users who would sign up for the forum and pay to\r\nget increased rank. He claimed to have made $56,000 in the scam, although he only pointed to a wallet with\r\n$10,000, allegedly for sign-ups.\r\nLeaving scam victims in his wake and now calling himself “Mioko,” Impotent continued to try to extort\r\nShinyHunters via PM on the forum. The following exchange took place in PM this week, where Mioko reminded\r\nShiny that he had given him a chance to be a team but Shiny had chosen “big news” instead. That appeared to be a\r\nreference to the DDoS attack. Mioko now asked Shiny again whether he wanted to be a team or if he was ready\r\nfor more “big news.”  Shiny answered, “You already leaked the db. Fuck off.”\r\nIn response, Mioko eventually backed off in his demands, asking only to be made a moderator and not demanding\r\nany percentage of revenues. In subsequent PMs shown to DataBreaches, Mioko offered to leak his whole\r\nExposed.vc user db and not require any money if Shiny would just make him a moderator.\r\nShiny ultimately rejected his request, writing, “After hours of contemplation, I eventually came to the conclusion\r\nthat, alas, the answer was a resounding ‘No’, though it did keep me up all night.”\r\nShinyHunters permanently banned Mioko from the forum on June 20.\r\nMeanwhile, Exposed.vc Under Attack by OnniForums. Why?  
And How?\r\nAlways curious, DataBreaches tried to understand why someone from OnniForums had claimed that Impotent had\r\nstarted trouble with them and so they had attacked Exposed.vc.  My initial efforts to inquire resulted in a ban on\r\nOnniForums by their somewhat exuberant spam filter. But once that was sorted, their administrator, dkota, was\r\nwilling to answer questions.  As to what happened with Exposed.vc/Impotent, dkota wrote (with minor editing):\r\nI was minding my own business in my forum, when the skid owner (Impotent) signed up on the forum,\r\ncame in and claimed to have “leaked” backend IP, which is obviously not true. What they did is just\r\n“ping onniforums.com” and that reveals the domain IP as nature of the internet and how it works.\r\nI did not pay much attention to them until they kept coming and spamming, so I used one out of many\r\n0-days I own and being careful not to burn it, I used it anyway knowing they aren’t smart enough to\r\nfigure out how it works. lol\r\nI had total control of not just the skid owner account but all the mods as well, as well as access to all of\r\ntheir data, IPs, private messages, etc etc.   As soon as the skids realized the hack, they closed site and\r\nput it on “sale” to coverup the hack, which made me a little bit pissed off due fact I used a 0-day and\r\ndidn’t get much coverage by media.\r\nOnniForums’ records showed that Impotent joined their forum on June 11 and was banned shortly thereafter.\r\nObviously, DataBreaches cannot comment on, or verify, whether a 0-day was used, but at least now DataBreaches\r\nhas some explanation as to why OnniForums attacked Exposed.vc. But then, in the next installment of this drama:\r\nOnniForums also attacked BreachForumsVC.  Why? 
And How?\r\nOn June 19, many of us woke up to find what appeared to be the users database from BreachForumsVC had been\r\nleaked online. It didn’t take long to verify that yes, there were real usernames, email addresses, registration dates,\r\npassword hashes, and binaries of IP addresses.\r\nBut who did it and why? For many people, the assumption seemed to be that Impotent had found some\r\nmisconfiguration and leaked the data. But OnniForums also claimed responsibility.\r\nBut why would OnniForums attack BreachForumsVC?  Dkota also addressed that question in email to\r\nDataBreaches (lightly edited):\r\nThis is actually funny. So after the exposed.vc hack, they for some reason attack each other while\r\ncompletely ignoring fact I just hacked exposed.vc. It seems they ignored us, like hack did not happen,\r\neveryone keep talking about BreachForums like they are gods, APTs, whatever and exposed.vc just\r\nignore the fact I completely owned them.  I felt the media needed a little bit of a wake-up call, reality\r\ncheck so instead of them discussing skid insecure forums, why not discuss actually good forums?\r\nAnyway I hacked them as well (BreachForums) and their security was just as shit as the previous skid\r\nforum (Exposed). The hack was to prove one point: these forums are not secure and are run by clueless\r\npeople, and should not be glorified/talked about 24/7 like they are speaking language of gods. lol  So I\r\nhacked their ass in under 30 minutes. lol\r\ndkota politely declined to be specific about what they had done with respect to BreachForumsVC. But if their\r\nintent was to get some media attention, they certainly got this site’s attention.\r\nMoving Forward?  
Or the Lull Before the Next Storm?\r\nIn the wake of the leak of the users db, ShinyHunters posted an apology and explained the problem as an\r\n“automatic MyBB sh backup” that they had now addressed.\r\n“We understand that this has diminished your confidence in us to maintain a secure environment, but we hope that\r\nwith time and the complete abandonment of MyBB in June/July we’ll be able to regain your trust,” ShinyHunters\r\nwrote.\r\nAccording to dkota and one other individual who asked not to be identified, this wasn’t just an automatic backup\r\nissue. But regardless of whether it was a leak or a hack, it was not a good look for a forum where people are\r\nalready concerned about law enforcement having both the RAIDForums and BreachedVC databases.\r\nSo what next? Will Impotent decide to pay a lot of money to get the forum DDoSed again? Will OnniForums and\r\nBreachForumsVC ignore each other and go on about their ways?\r\nTime will tell.  In the meantime, I’ve been checking out OnniForums, which appears to have first opened in\r\nFebruary as Envoy. The forum has some of the same types of sections and data as other forums we’ve seen, but it\r\nalso has some sections that other forums do not have (such as development, carding, and drugs). They also tend to\r\nexclude some data that other forums allow. As one example, when asked about Spanish databases, dkota explained\r\nthat OnniForums tries to keep everything published in English because it is an English forum.\r\nCorrections: Well, it seems that in my effort to clarify, I got the timeline and some things wrong:\r\n1. The hack of Exposed.vc was on the day that BreachForumsVC launched. But then yes, Impotent then put\r\nExposed up for sale.\r\n2. Onniforums claims that Impotent did not launch a DDoS attack against BreachForumsVC and notes that\r\nthe forum is behind the “ddos-guard” service. 
His statements are contradicted by Baphomet and\r\nShinyHunters’ statements about fending off DDoS attacks and how Impotent had hired a botnet to attack\r\nthem — but they, too, noted that the forum was behind ddos-guard and Impotent’s efforts were for naught.\r\n3. Unbeknownst to me until now,  Impotent allegedly tried to be made a moderator on OnniForums. dkota\r\nrefused the offer.\r\nIn light of the above, dkota indicates that the correct chronology was:\r\n1. OnniForums hacked Exposed.vc\r\n2. Impotent begged for moderator rank on BreachForumsVC\r\n3. Everyone ignores Onniforums despite them having hacked Exposed.vc so…\r\n4. OnniForums hacks BreachForumsVC as well, and then…\r\n5. Everyone still ignores OnniForums.\r\ndkota’s frustration was clear and he wrote to DataBreaches (typos as in the original:)\r\n“One media outlet even made a whole fucking youtube and not mention onniforums ?? i mean I am the only one\r\nhacking in all of this, breachforums cant hack shit, did not hack shit and neither exposed.vc either they’re just\r\nskids who keep doing “public statements” and shit like that…..despite me hacking their site and posting as clear as\r\nday as them that i hacked them, even when i leak their entire database lol jesus either media hates me or they are\r\nreally retarded. all these “cyberint” companies their entire livelihood is on gathering intelligence yet they fucking\r\nsuck on it lmao i can’t make it more obvious than this honestly so i hope you understand how i feel lol….but at\r\nend of day, who cares? (many, but not me anymore)”\r\nWell, yeah, I care — at least about reporting accurately.  
Now will someone please pass me something to stop my\r\nhead from spinning?\r\nSource: https://www.databreaches.net/confused-about-the-drama-with-the-new-breachforums-reading-this-will-either-help-you-or-make-your-head-spin/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.databreaches.net/confused-about-the-drama-with-the-new-breachforums-reading-this-will-either-help-you-or-make-your-head-spin/"
	],
	"report_names": [
		"confused-about-the-drama-with-the-new-breachforums-reading-this-will-either-help-you-or-make-your-head-spin"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775701356,
	"ts_updated_at": 1775792099,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2ed70c9d9868545e01076c8c254ad209e19ce35e.pdf",
		"text": "https://archive.orkl.eu/2ed70c9d9868545e01076c8c254ad209e19ce35e.txt",
		"img": "https://archive.orkl.eu/2ed70c9d9868545e01076c8c254ad209e19ce35e.jpg"
	}
}