
breachforums taken down-again x2 - Codeila – Cyber Security Services


BreachForums Seized Again: Top 10 Hacks by ShinyHunters and Cybercrime Insights

BreachForums, one of the most notorious cybercrime forums and the successor to RaidForums, has been seized by U.S. and French authorities. The platform, operated by ShinyHunters and allies under the Scattered Lapsus$ Hunters alliance, had evolved into a major data-leak and extortion portal, targeting Salesforce and numerous high-profile organizations. This seizure highlights the continuous threat posed by professional cybercriminal groups and the critical need for proactive monitoring and security measures.

Seizure notice showing U.S. and French law enforcement logos on BreachForums domain
Official seizure notice displayed on the BreachForums domain.

From RaidForums to BreachForums

BreachForums was founded in 2022 as the direct successor of RaidForums, filling the void left by its shutdown. RaidForums itself was originally created by Conor Fitzpatrick, also known as Pompompurin, who was arrested in March 2023 in New York by the FBI for orchestrating one of the largest credential leak forums of its time. His arrest marked the beginning of a global crackdown on online cybercrime forums. BreachForums inherited many of the same users, tools, and underground reputation, quickly becoming a hub for advanced hacking activities.

Initially a place for sharing stolen credentials, hacking tutorials, and tools, the forum rapidly escalated into a platform for large-scale social engineering campaigns, phishing, ransomware, and corporate data extortion targeting organizations worldwide.

ShinyHunters: One of the Most Dangerous Cybercriminal Groups

ShinyHunters, the main operator behind BreachForums, is widely recognized as one of the most dangerous hacking groups today. Their operations span data theft, corporate extortion, credential leaks, and the sale of sensitive data on both clearnet and dark web platforms. The group often uses social engineering, phishing campaigns, and exploitation of misconfigured SaaS applications to infiltrate corporate networks, including Salesforce, Zoom, and cloud storage systems.

Top 10 Notable BreachForums and ShinyHunters Hacks

  1. Disney Data Leak (2023) - Exposed employee credentials and internal systems, pressuring Disney to pay ransom.
  2. McDonald’s Customer Data Breach (2023) - Leaked customer data including loyalty accounts and email lists.
  3. Qantas Systems Hack (2024) - Compromised corporate systems and customer booking data.
  4. UPS Logistics Database Leak (2024) - Exposed shipment tracking and operational data, causing disruption.
  5. Salesforce Enterprise Breach (2025) - Targeted Salesforce clients using leaked admin credentials for lateral movement.
  6. Zoom Account Compromise (2023) - Stole login credentials and internal meeting recordings, later sold on forums.
  7. Airline Loyalty Programs Hack (2024) - Exposed reward points and personal data from multiple airline programs.
  8. Gaming Platforms Breach (2023) - Compromised multiple gaming accounts and associated payment data.
  9. Crypto Exchange Data Leak (2024) - Exposed sensitive customer data including KYC documents from smaller crypto exchanges.
  10. Healthcare Records Exposure (2025) - Breached several clinics, leaking patient data and insurance details.
Telegram post showing Doomsday deadline
Telegram posts used by ShinyHunters to pressure victims with deadlines.

Hackers Confirm the Seizure

Following the seizure, ShinyHunters released a PGP-signed statement confirming that BreachForums' servers and backups were destroyed. They admitted that archives from 2023 onward were compromised. Despite the seizure, the group continues its extortion campaigns via dark web services, which underscores the need for organizations to implement proactive cybersecurity solutions.

PGP-signed statement by ShinyHunters acknowledging the seizure
PGP-signed statement published by ShinyHunters post-seizure.

Dark Web Presence and Continuous Threats

While the clearnet domain is gone, the BreachForums onion service remains operational. Hackers continue leaking stolen data, selling credentials, and coordinating extortion campaigns. Organizations are advised to use advanced monitoring services like Codeila to detect exposure early and prevent massive breaches.

Archived view of BreachForums onion site
Snapshot of the BreachForums onion portal before seizure.

BreachForums Timeline

| Date | Event | Summary |
|---|---|---|
| Mar 2023 | Arrest of Pompompurin | Conor Fitzpatrick (RaidForums founder) arrested in New York by the FBI. |
| Jun 2023 | First domain seizure | FBI & partners seize clearnet BreachForums site. |
| May 2024 | Second major takedown | Forum reboot seized again. |
| Apr–Aug 2025 | Admin arrests | Multiple operators detained by authorities. |
| Sep 2025 | Fitzpatrick resentenced | Original admin given 3-year term. |
| Oct 10, 2025 | Latest seizure | Clearnet leak portal taken down. |

Protect your organization now - prevent the next BreachForums leak.

Codeila provides advanced dark-web monitoring, phishing simulations, and Salesforce security audits to detect leaks early, respond quickly, and secure corporate data.

© Codeila - Threat Intelligence & Security Services | References: FBI, U.S. DOJ
