KEY FINDINGS
- The breached forum is BreachForums, started by PomPomPurin.
- The database was shared by “breached_db_person” with HaveIBeenPwned.
- The database is being sold on Telegram and several cybercrime forums.
- The incident took place in Nov 2022, months before the forum was seized by the FBI.
In a troubling turn of events, the remnants of the seized hacking site, BreachForums, have resurfaced as the stolen database is now up for sale by a threat actor known as “breached_db_person.”
This is the same forum where sensitive data, such as the US No Fly List, FBI’s InfraGard, DC Health Link with Members of Congress data, and more, were leaked.
This should not come as a surprise, as hackers getting pwned by other hackers is nothing new. Just recently, the newly surfaced clone of BreachForums under Shiny Hunters’ administration was also compromised, leaking the personal details of more than 4,000 users.
As for the recent developments, according to sources, the stolen database contains a staggering 212,000 records, encompassing sensitive information such as usernames, IP and email addresses, private messages exchanged between forum members, and argon2-hashed passwords.
The data tables within the 2 GB file shared by breached_db_person reportedly include details of member databases, private messages, and payment transactions. The information contained within could potentially provide valuable insights into prior intrusions and the identities of attackers associated with the forum.
There were also indications of payment information tied to forum ranks and credit purchases, further escalating concerns over potential financial repercussions for the victims.
Have I Been Pwned, a central repository for tracking online data breaches and exploits, has confirmed the legitimacy of the stolen data. The breach notification service announced the inclusion of the BreachForums data, allowing users to check if their login credentials have been compromised. Interestingly, the threat actor behind the sale reportedly shared the database with Have I Been Pwned to prove its authenticity to potential buyers.
While the stolen BreachForums data is on the market, it comes at an exorbitant price, with offers ranging from $100,000 to $150,000 for the entire database snapshot taken on November 29th, 2022.
However, security experts and law enforcement agencies strongly discourage any attempt to acquire or use stolen information. Doing so would not only condone criminal activities but also perpetuate a cycle of cybercrime and harm innocent individuals whose data was compromised.