The notorious cybercrime marketplace BreachForums has been seized in a coordinated international law enforcement operation. The site’s clearnet domain, breachforums.hn, now displays a splash page indicating control by the U.S. Federal Bureau of Investigation (FBI), the Department of Justice (DOJ), and French authorities, including the Brigade de lutte contre la cybercriminalité (BL2C) and the National Jurisdiction against Organised Crime (JUNALCO).
Shortly after the seizure on Friday, October 10, 2025, a group identifying itself as the “ShinyHunters / BreachForums Administration Team” posted a signed message on their Telegram channel, confirming the takedown and declaring it “the end of an era.” The message acknowledged the inevitability of the seizure, stating, “We are not fighting this war anymore, this is officially the end.”
The administrators provided details from their own incident response, claiming that law enforcement had successfully compromised their entire infrastructure. They asserted that the takedown was not merely a domain seizure but a comprehensive hacking operation by government agencies, which resulted in the complete compromise of their backend systems. The group also warned former users of the platform to “keep your opsec in check,” anticipating that the FBI and its partners would be “cracking down on many individuals in the next coming few weeks to months.”
Despite the platform’s demise, the group issued a defiant and ominous warning related to a separate campaign. The message explicitly stated that the BreachForums seizure “has no impact on our Salesforce campaigns.” They threatened to leak data from companies who have not complied with their demands, setting a deadline of 11:59 PM New York time on October 10, 2025. This indicates that while the forum is gone, the threat actors behind it remain active and intend to follow through on other extortion efforts.
BreachForums has long served as a successor to other infamous cybercrime forums like RaidForums, which was also seized by the FBI. The administrators’ message alludes to this turbulent history, noting this is the fourth time a forum under their sphere of influence has been targeted by law enforcement. They concluded by stating unequivocally that “BreachForums is never coming back, if it comes back, it should immediately be considered a honeypot.”
According to the statement from the administration team, law enforcement has gained control of the forum’s complete user and operational data. The seized assets allegedly include:
- The latest database backup and all previous backups dating back to 2023.
- All escrow service databases since their creation.
- The backend servers that powered the forum.
This implies that the seized information likely contains sensitive details on all registered users of the platform, including:
- Usernames
- Email addresses
- IP addresses (registration and login)
- Hashed passwords
- Private message contents
- Transaction and activity logs
