{
	"id": "ca9fa8bc-1629-4617-bb17-68e56be1be42",
	"created_at": "2026-04-06T00:07:25.457234Z",
	"updated_at": "2026-04-10T13:11:36.972046Z",
	"deleted_at": null,
	"sha1_hash": "644dffd131b1e804e6b0c9cdf5da78150054ee30",
	"title": "BreachForums hacking forum operators reportedly arrested in France",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2929746,
	"plain_text": "BreachForums hacking forum operators reportedly arrested in France\r\nBy Bill Toulas\r\nPublished: 2025-06-25 · Archived: 2026-04-05 16:41:30 UTC\r\nThe French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by\r\ncybercriminals to leak and sell stolen data that exposed the sensitive information of millions.\r\nNews of the arrests come from Le Parisien, which claims the law enforcement operation was carried out by the cybercrime\r\nunit (BL2C) of the Paris police department on Monday.\r\nAccording to reporters, the police carried out simultaneous raids in the regions of Hauts-de-Seine (Paris), Seine-Maritime\r\n(Normandy), and Réunion (overseas).\r\nhttps://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-operators-reportedly-arrested-in-france/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-operators-reportedly-arrested-in-france/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nDuring this action, they have arrested four hackers known online by the handles \"ShinyHunters,\" \"Hollow,\" \"Noct,\" and\r\n\"Depressed.\"\r\nFor months, rumors circulated that another well-known threat actor, \"IntelBroker,\" had also been arrested. Le Parisien\r\nreports that IntelBroker was also arrested by French authorities in February 2025.\r\nThe BreachForums hacking forums have gone through numerous iterations over the years but acted as a community for\r\ncybercriminals to trade, sell, and leak stolen data, as well as sell access to corporate networks and other illegal cybercrime\r\nservices.\r\nIn 2023, the original BreachForums shut down after its operator, Conor Brian FitzPatrick (aka Pompompurin), was arrested.\r\nSoon after, other threat actors in the community launched BreachForums v2, which was led by threat actors known as\r\nShinyHunters, Baphomet, and, later, IntelBroker.\r\nThe five threat actors that were arrested were reportedly involved in the operation of this new launch of the site.\r\nShinyHunters and IntelBroker were admins/owners of the site, and archived posts show Hollow acting as a moderator.  It is\r\nunclear what involvement \"depressed\" and \"noct\" had in the operation of the site.\r\nThose cybercriminals are accused of having direct involvement in data breaches against French entities like Boulanger, SFR,\r\nFrance Travail, and the French Football Federation.\r\nThe attack against France Travail (formerly Pôle Emploi) was particularly notable for compromising the sensitive details of\r\nan estimated 43 million individuals.\r\nIntelBroker rose to notoriety for his involvement in highly publicized breaches at Europol,  General Electric, Weee!, AMD,\r\nHPE, Nokia, and Cisco. However, the threat actor entered the spotlight after breaching DC Health Link, the organization\r\nthat administers the health care plans of U.S. House members, their staff, and their families.\r\nShinyHunters is the most notorious among those arrested, as the alias has been linked to multiple high-profile data breaches\r\nand attacks, including those against Salesforce and PowerSchool, and the SnowFlake attacks, which impacted Santander,\r\nTicketmaster, AT\u0026T, Advance Auto Parts, Neiman Marcus, and Cylance.\r\nThe ShinyHunters threat actors have also been involved in a large number breaches in 2025, with the group believed to\r\nconsist of multiple threat actors operating under the same name.\r\nBreachForums v2 went offline in April 2025 after the site was allegedly breached by a MyBB zero-day vulnerability. The\r\nforum never returned online.\r\nBleepingComputer has contacted the Paris police and ANSSI to comment on the validity and accuracy of the reports, but we\r\nhave not received a response yet.\r\nhttps://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-operators-reportedly-arrested-in-france/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-operators-reportedly-arrested-in-france/\r\nhttps://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-operators-reportedly-arrested-in-france/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-operators-reportedly-arrested-in-france/"
	],
	"report_names": [
		"breachforums-hacking-forum-operators-reportedly-arrested-in-france"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "0263e1e1-4568-410a-a5e4-6932db1d40da",
			"created_at": "2024-06-26T02:00:04.854969Z",
			"updated_at": "2026-04-10T02:00:03.667295Z",
			"deleted_at": null,
			"main_name": "IntelBroker",
			"aliases": [],
			"source_name": "MISPGALAXY:IntelBroker",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434045,
	"ts_updated_at": 1775826696,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/644dffd131b1e804e6b0c9cdf5da78150054ee30.pdf",
		"text": "https://archive.orkl.eu/644dffd131b1e804e6b0c9cdf5da78150054ee30.txt",
		"img": "https://archive.orkl.eu/644dffd131b1e804e6b0c9cdf5da78150054ee30.jpg"
	}
}