The notorious Breached hacking forum has shut down after the remaining administrator, Baphomet, disclosed that they believe law enforcement has access to the site’s servers.
Breached was a popular hacking and data leak forum notorious for hosting, leaking, and selling data obtained from breached companies, governments, and various organizations.
The site was a community that attracted threat actors from all realms of cybercrime, including ransomware gangs, data extortionists, security researchers, and those simply interested in cybersecurity’s darker side.
The site, and its members, have been responsible for a wide range of breaches, extortion attempts, and ransomware attacks, leaking the data for many high-profile breaches. These breaches include DC Health Link, Twitter, RobinHood, Acer, Activision, and many more.
Breached was the spiritual successor of the RaidForums forum, frequented by many users before the FBI seized it in April 2022, a few months after the arrest of its founder, ‘Omnipotent,’ in the UK.
Breached forums shut down
The Breached hacking forum has been in disarray since last Friday when the news broke that its founder and owner, Pompompurin, was arrested by the FBI.
Since the arrest, the remaining admin, Baphomet, had taken the site offline while transferring it to new infrastructure secured from potential compromise by law enforcement.
In a series of updates to their site, Baphomet has said that the process has been slow as they are trying to retain operational security (opsec) to prevent their identity from being traced by law enforcement.
The initial plan was to migrate the site to a new infrastructure that would be untraceable, allowing the community of hackers, security enthusiasts, and cybercriminals to continue using the platform.
However, this plan has been canceled as Baphomet shared a “final update” today stating that they “confirmed that the glowies likely have access to Poms machine” — ‘glowies’ meaning Federal agents.
When the infrastructure was taken offline, the admin said they left an old CDN server online that didn’t host any important data.
“Throughout the migration I checked to see if anything was going on that would cause concern during the migration,” reads Baphomet’s message.
“One of the servers checked, was the old CDN server described above. It seems someone logged in on Mar 19, 1:34 EST prior to me logging into the server.”
“Unfortunately this likely leads to the conclusion that someone has access to Poms machine. Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to login.”
“I now feel like I’m put into a position where nothing can be assumed safe, whether its our configs, source code, or information about our users – the list is endless.”
Due to fears that Pompompurin’s devices are now in the hands of law enforcement, and thus they have had access to the Breached infrastructure, Baphomet has decided to shut down Breached for good and let its community members choose where they are heading next.
The Telegram channel will remain up for now, while Baphomet said he would continue to have an online presence, discussing with other forum owners and potentially helping build something new.
As hacking forums are seized by law enforcement, BleepingComputer has seen threat actors migrating to Telegram as new channels can easily be launched as existing ones are shut down.
Telegram has become a hotbed of cybercrime activity, with threat actors amassing followers like celebrities as they leak stolen data, sell stolen accounts, and discuss their latest attacks.
