A Cyberattack caused a data breach at new BreachForums in which 4,000 members were victimized.

Post Views: 350

A replacement for the prominent hacker and cybercrime forum Breach Forums, which is no longer active, is BreachForums.

BreachForums

A competing hacker forum committed the data breach by exploiting a zero-day vulnerability in MyBB, the free and open-source forum software.

Resources

Under the control of the notorious ShinyHunters hackers, who are working with the original moderator crew from the original BreachForums, BreachForums reappeared.

After the FBI seized the previous forum, PomPomPurin (actual name: Conor Brian Fitzpatrick) was reportedly detained in New York. Investigators detained Fitzpatrick at his Peekskill, New York, home and charged him with one count of conspiracy to commit access device fraud.

The relaunched forum has now experienced a data breach, which exposed the private data of more than 4,000 registered users. Given the complicated dynamics involving security agencies and the previous and present administrations of BreachForums, it was initially difficult to determine the identity and motivations of the hackers responsible for this breach.

Hackers vs. Hackers

But “Weep,” one of the forum’s admins, revealed the existence of a cyberattack during a Telegram conversation. Weep addressed the BreachForums users and blamed a competing community named OnniForums, which takes pride in being a dark web forum centered on security and anonymity, for the data leak.

Weep asked the forum users to change their passwords and revealed that the hack had been made possible using a MyBB zero-day vulnerability. It is significant to note that the BreachForums had been down since Monday, June 19, 2023, early morning. However, at the time of writing, the forum has been restored.

In the meantime, tweets purporting to be from OnniForums‘ official Twitter account have claimed credit for the attack. Another tweet from the forum’s handle claims that they were involved in breaking into another hacker forum called “Exposed.” Notably, a partial database from the now-seized RaidForums that contained information on 460,000 members was published on ExposedForum in May 2022.

The Leaked Data

Initial investigation points to the veracity of the leaked data while uncertainties still exist. The following is a list of the compromised data:

Login keys
Usernames
Email addresses
IP addresses
Password hashes
Registration dates
Members’ last visits and posts.
Number of posts and last activity
Social media handles with profile links and more.

BreachForums, infamous for promoting conversations and trading of stolen data, have once more come under the spotlight as a source of security issues. The forum’s return and this most recent breach highlight the continuous difficulties online communities encounter with securing user information and preventing unauthorized access.

Impact

There are several possible effects if hackers’ personal information is exposed online.

Law enforcement agencies may learn about their identities and actions, which would make it simpler for them to find and capture them. This can seriously limit their capacity to carry on with their cyberattacks in the dark.
They risk having their reputation among hackers damaged, which would make it harder for them to work with other hackers. Cybersecurity experts may benefit from the released data’s important expertise and insights, which will help them better comprehend cybercriminals’ strategies and create more effective defenses.

In general, disclosing an adversary’s personal data can significantly affect their activities and make it more challenging for them to conduct covert operations.

About The Author

Suraj Koli is a content specialist with expertise in Cybersecurity and B2B Domains. He has provided his skills for News4Hackers Blog and Craw Security. Moreover, he has written content for various sectors Business, Law, Food & Beverage, Entertainment, and many others. Koli established his center of the field in a very amazing scenario. Simply said, he started his career selling products, where he enhanced his skills in understanding the product and the point of view of clients from the customer’s perspective, which simplified his journey in the long run. It makes him an interesting personality among other writers. Currently, he is a regular writer at Craw Security.