After several days offline and swirling rumors of arrests and law enforcement action, BreachForums administrators have issued a statement claiming that their forum was not compromised and that no team members have been apprehended.
The announcement, cryptographically signed with PGP, offers the first direct communication from the original forum's team since mid-April.
According to the administrators, on or around April 15, 2025, they received confirmation through trusted contacts that a zero-day vulnerability in MyBB — the forum software powering BreachForums — had been discovered and was actively being exploited. The team reports that they took immediate action by shutting down their infrastructure and initiating a full incident response plan. Their internal audits suggest that although their platform was vulnerable, no actual compromise or data breach occurred. They also claim to have identified the PHP exploit responsible.
The BreachForums team apologized for the silence during the downtime, citing the sensitive nature of their operations as the reason for prioritizing security over communication. They also announced that they are currently working on a full backend rewrite of the forum to mitigate future risks.
This announcement comes after a chaotic week in which a separate party attempted to relaunch BreachForums on a different domain. On April 22, a message appeared on the new site claiming that the forum would soon reopen. However, only a few days later, the same domain displayed a very different message, declaring “BreachForums.ST Seized,” alleging that figures known as “IntelBroker” and “Shiny” had been arrested. A user named “Anastasia” stated they had resigned from the project and were attempting to sell the forum infrastructure and backups for $2,000.
BreachForums, notorious as a marketplace for breached data and hacking tools, had been one of the most prominent English-speaking cybercrime forums following the demise of its predecessors like RaidForums. Its operations have long been a target of law enforcement scrutiny. The platform hosted high-profile leaks and was frequented by individuals involved in major cyber incidents.
The conflicting announcements have left the community uncertain about who truly controls BreachForums' brand and infrastructure. While the original admins warn users to avoid clone sites — labeling them as likely honeypots — the abrupt “seizure” notice and infrastructure sale post further muddy the situation.
At present, no official statement from law enforcement agencies such as the FBI has been released regarding arrests or domain seizures related to BreachForums.
Users who frequented BreachForums should operate under the assumption that any communications or services using its brand could be compromised or monitored. It's recommended that you avoid interacting with new BreachForums domains and rotate credentials used on any of those platforms, as their databases always end up leaked sooner or later.
wow, the first right article i read about breachforums. respect.
Regards,
paw