Leak Site BreachForums Springs Back to Life Weeks After FBI Takedown

Published: 23/11/2024   Category: security




It's unclear whether a dataset for sale on the site allegedly containing data from more than 500 million Ticketmaster users is real or just law enforcement bait.



Barely two weeks after the FBI and the US Department of Justice shut down BreachForums, the notorious data leak site appears to be back online, hawking personal and payment card data purportedly belonging to more than 500 million Live Nation/Ticketmaster customers.
Researchers at Malwarebytes this week spotted ShinyHunters, an administrator of the BreachForums site, posting the alleged Ticketmaster data for sale for $500,000 on one of its original domains. But they are unsure if the apparent revival of the operation is legit, or simply a lure by law enforcement to trap bad actors looking to once again buy stolen data from the forum.
"We dare conclude that this dataset's goal is to generate some attention and act as a lure to let old forum users know that BreachForums is alive and kicking," Malwarebytes researcher Pieter Arntz wrote in a blog post this week. "But who is running the show, is the question that we hope to answer soon."
BreachForums is a hacking forum and marketplace for cybercriminals to buy and sell all kinds of stolen data, including credit card data, bank account information, Social Security numbers, hacking tools, account credentials, and personally identifying information. The forum, which boasted of having some 340,000 members earlier this year, became the go-to market for illicit data in mid-2022 following the FBI's disruption of RaidForums, another data leak site, which at the time was the biggest of its kind.
Earlier this month, the FBI and the DOJ seized control of BreachForums domains and Telegram channels belonging to two of its main admins, Baphomet and ShinyHunters. The move followed the arrest in March 2023 of Conor Fitzpatrick, aka pompompurin, the alleged creator of BreachForums. Though neither the FBI nor the DOJ has provided many details around the BreachForums domain takedown, ShinyHunters has claimed that the FBI has arrested Baphomet as well, Flashpoint said in a report this week.
According to Malwarebytes, the reappearance of BreachForums just two weeks after law enforcement seized its domains is suspicious for several reasons. For one thing, the same data that ShinyHunters has posted for sale on BreachForums is also for sale from an individual using the handle SpidermanData on another Dark Web site. The dataset itself — allegedly containing data belonging to 560 million customers — seems suspiciously large and therefore likely not what it purports to be. The revived BreachForums site also requires users to register if they want to see the content that is available for sale on it.
"An avatar and a handle are easily copied, and there are a few things that raised our spidey-senses that something is up," Arntz wrote in the Malwarebytes blog post.
In separate comments to Dark Reading, Arntz says this wouldn't be the first time that law enforcement has used similar lures to try and trap cybercriminals. He points to a 2018 sting operation that resulted in the takedown of Dark Web drug site Hansa Market and the takedown of an encrypted device company called ANOM as two examples.
However, if the BreachForums revival is indeed genuine, that too would be consistent with previous trends, Arntz notes. "Criminals like to keep doing what they know works," he says. "So dealing with the same administrators and especially the trusted escrow service beats having to find a new one that they don't know yet. So existing users will be likely to return."
Ian Gray, VP of intelligence at Flashpoint, says evidence suggests BreachForums is operational. Dark Web chatter points to the main BreachForums domain being transferred elsewhere after the law enforcement seizure. "Shortly after the seizure, the site included a link to Jacuzzi 2.0, a Telegram chat for BreachForums," Gray says. "Today, the landing page for the site includes a link to N.W.A.'s 'F*** Tha Police,'" he says, referring to American hip-hop group N.W.A.'s protest song.
ShinyHunters, the administrator of the shuttered BreachForums, claims to have regained control of the domain seized from the FBI, he notes.
More chatter suggests that another BreachForums member, USDoD, will launch a similar leak site on July 4 that is not associated with the current iteration of BreachForums, Gray notes. The new forum's domain is planned to be either breachnation.io or databreached.io, he says.
"Unfortunately, the BreachForums of the world are poised to metastasize," says Patrick Harr, CEO of SlashNext, an email security vendor. "They are never fully eradicated despite treatment or in this case a takedown," he says. "The group, like cancer, still lurks in the background, waiting to re-emerge, sometimes in different name or form but with the same purpose."
