The notorious cybercrime and data leak marketplace, BreachForums, has been compromised and is now allegedly operating as a honeypot controlled by international law enforcement. The startling announcement came from the well-known threat actor ShinyHunters via a PGP-signed message posted on Telegram. According to the message, French law enforcement, in coordination with the U.S. Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI), seized control of the platform, its infrastructure, and its official PGP key. Shortly after this warning was issued, the forum went offline, adding weight to the claims.
In the detailed message, ShinyHunters warned that law enforcement has had deep access to the site’s data since its recent reinstatement. The compromised administrator accounts include “Hollow” and “ShinyHunters” itself. Furthermore, the message alleges that the “Founder” account was created and is being operated by a federal agent. This breach means that sensitive user data—including private messages, plaintext passwords, IP addresses, and email addresses—has been exposed to authorities. ShinyHunters also claimed the forum’s source code was altered to capture all user activity, effectively turning the site into a surveillance tool.
To clear up long-standing speculation, the message also confirmed that the administrator accounts “Anastasia” and “Hollow” were indeed alternate identities controlled by ShinyHunters. While asserting that their personal PGP key remains secure and unaffected, ShinyHunters urged users to treat any reappearance of BreachForums as a law enforcement trap. The actor advised the community to stay away from the site, stating it “will not be returning under legitimate operation.” The swift takedown of the forum following this announcement suggests a major disruption in the cybercrime community.
