{
	"id": "15c0ee0f-3f02-48ab-a9a9-d94050f12302",
	"created_at": "2026-04-06T00:11:52.757063Z",
	"updated_at": "2026-04-10T13:12:58.525833Z",
	"deleted_at": null,
	"sha1_hash": "851d87dfd614409ea69bf9069dc3e7a8476d3aa5",
	"title": "BreachForums Resurfaces on Original Dark Web (.onion) Address",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 183004,
	"plain_text": "BreachForums Resurfaces on Original Dark Web (.onion) Address\r\nBy Waqas\r\nPublished: 2025-07-25 · Archived: 2026-04-05 20:29:18 UTC\r\nThe notorious cybercrime and hacker platform BreachForums has mysteriously resurfaced on its original dark\r\nweb .onion domain. The site appears to be fully restored, including its infrastructure, user-leaked databases,\r\nofficial breach listings and forum posts.\r\nFor your information, in early April 2025, both the clearnet and dark web domains of BreachForums went offline\r\nwithout explanation. Members speculated about possible law enforcement action or a forum seizure.\r\nDiscover more\r\nInternet \u0026 Telecom\r\nHacking \u0026 Cracking\r\nVPN \u0026 Remote Access\r\nThen, on April 28, as reported by Hackread.com, the forum’s homepage was replaced with a message stating that\r\na MyBB 0-day vulnerability had left the site exposed to infiltration attempts by law enforcement, and it needed to\r\nbe taken offline until the issue was resolved. That was the last message before BreachForums disappeared.\r\nAdmin N/A?\r\nHowever, earlier today, Hackread.com spotted that the platform’s .onion domain had become active again, now\r\nunder a new admin handle, “N/A.” The identity of “N/A” is unknown, but they claim the forum’s clearnet domain\r\nwas suspended by the registrar following complaints and pressure from law enforcement.\r\nAdditionally, they claim the MyBB vulnerability has been fixed and that the forum was never compromised, with\r\nuser data remaining protected throughout. “N/A” also addressed reports about the arrests of ShinyHunters\r\nmembers, denying that any original group members have been taken into custody.\r\nFor your information, after the arrest of former BreachForums administrator Conor Fitzpatrick, also known as\r\nPompompurin, the forum reemerged under the leadership of the ShinyHunters group. However, in June 2025,\r\nauthorities claimed to have arrested members of ShinyHunters, along with IntelBroker, another active member\r\nwho had also served as the group’s administrator.\r\n“N/A” also denied ever giving admin access to IntelBroker, claiming it was part of a strategy to divert law\r\nenforcement’s attention away from the original owners. According to the statement, IntelBroker never had\r\nadministrative access to the forum.\r\nhttps://hackread.com/breachforums-resurface-original-dark-web-onion-address/\r\nPage 1 of 2\n\nMessage from Admin N/A on BreachForums (Image credit: Hackread.com)\r\nAs XSS.IS Falls, BreachForums Reemerges\r\nThe return of BreachForums comes at a time when law enforcement is intensifying efforts against cybercrime.\r\nLess than 24 hours ago, in an operation called “Operation Checkmate,” authorities seized the infrastructure of the\r\nBlackSuit ransomware group, including two of its .onion domains.\r\nJust a couple of days ago, the Russian-language cybercrime platform XSS.IS was seized following the arrest of its\r\nsuspected administrator in Ukraine. While its dark web domain remains accessible, posts from admins and\r\nmoderators suggest plans to revive the forum on other domains. Meanwhile, the return of BreachForums presents\r\nyet another challenge for law enforcement agencies.\r\nThe return of BreachForums on the dark web, along with plans to restore its clearnet domains, may be seen as\r\ngood news within cybercrime circles, but it raises serious questions. Is it a honeypot set up by law enforcement?\r\nWho is “N/A”? Where is the original admin team if they haven’t been arrested? If you are active on\r\nBreachForums, sign in at your own risk, and consider quitting cybercrime for good.\r\nSource: https://hackread.com/breachforums-resurface-original-dark-web-onion-address/\r\nhttps://hackread.com/breachforums-resurface-original-dark-web-onion-address/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://hackread.com/breachforums-resurface-original-dark-web-onion-address/"
	],
	"report_names": [
		"breachforums-resurface-original-dark-web-onion-address"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "dfee8b2e-d6b9-4143-a0d9-ca39396dd3bf",
			"created_at": "2022-10-25T16:07:24.467088Z",
			"updated_at": "2026-04-10T02:00:05.000485Z",
			"deleted_at": null,
			"main_name": "Circles",
			"aliases": [],
			"source_name": "ETDA:Circles",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "0263e1e1-4568-410a-a5e4-6932db1d40da",
			"created_at": "2024-06-26T02:00:04.854969Z",
			"updated_at": "2026-04-10T02:00:03.667295Z",
			"deleted_at": null,
			"main_name": "IntelBroker",
			"aliases": [],
			"source_name": "MISPGALAXY:IntelBroker",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434312,
	"ts_updated_at": 1775826778,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/851d87dfd614409ea69bf9069dc3e7a8476d3aa5.pdf",
		"text": "https://archive.orkl.eu/851d87dfd614409ea69bf9069dc3e7a8476d3aa5.txt",
		"img": "https://archive.orkl.eu/851d87dfd614409ea69bf9069dc3e7a8476d3aa5.jpg"
	}
}