Barely two weeks after the FBI and the US Department of Justice shut down BreachForums, the notorious data leak site appears to be back online, hawking personal and payment card data purportedly belonging to more than 500 million Live Nation/Ticketmaster customers.
Researchers are unsure if the apparent revival of the operation is legit, or simply a lure by law enforcement to trap bad actors looking to once again buy stolen data from the forum.
BreachForums is a hacking forum and marketplace for cybercriminals to buy and sell all kinds of stolen data, including credit card data, bank account information, Social Security numbers, hacking tools, account credentials, and personally identifying information.
The forum, which boasted of having some 340,000 members earlier this year, became the go-to market for illicit data in mid-2022 following the FBI's disruption of RaidForums, another data leak site, which at the time was the biggest of its kind.
Though neither the FBI nor the DoJ has provided many details around the BreachForums domain takedown, ShinyHunters has claimed that the FBI has arrested Baphomet as well, Flashpoint said in a report this week.
For one thing, the same data that ShinyHunters has posted for sale on BreachForums is also for sale from an individual using the handle SpidermanData on another Dark Web site.
The dataset itself - allegedly containing data belonging to 560 million customers - seems suspiciously large and therefore likely not what it purports to be.
The revived BreachForums site also requires users to register if they want to see the content that is available for sale on it.
In separate comments to Dark Reading, Arntz says this wouldn't be the first time that law enforcement has used similar lures to try to trap cybercriminals.
He points to a 2018 sting operation that resulted in the takedown of Dark Web drug site Hansa Market and the takedown of an encrypted device company called ANOM as two examples.
Consistent With Previous Takedowns

However, if the BreachForums revival is indeed genuine, that too would be consistent with previous trends, Arntz notes.
Ian Gray, VP of intelligence at Flashpoint, says evidence suggests BreachForums is operational.
Dark Web chatter points to the main BreachForums domain being transferred elsewhere after the law enforcement seizure.
ShinyHunters, the administrator of the shuttered BreachForums, claims to have regained control of the domain seized by the FBI, he notes.
The new forum's domain is planned to be either breachnation.io or databreached.io, he says.
The BreachForums of the world are poised to metastasize, says Patrick Harr, CEO of SlashNext, an email security vendor.
This Cyber News was published on www.darkreading.com. Publication date: Wed, 29 May 2024 21:35:22 +0000