BreachForums Issues PGP-Signed Message Following Sudden Shutdown Over MyBB Vulnerability
In early April of 2025, the prominent cybercrime hub, BreachForums, experienced an unsettling disappearance from the internet. This abrupt vanishing act raised numerous speculations, particularly surrounding potential law enforcement interventions. The platform, which has been linked to the notorious hacker collective ShinyHunters, shut down without any prior notice or explanation, leaving its community in distress and uncertainty.
Despite fears regarding a possible seizure by authorities, an examination of the domain’s DNS records revealed some intriguing details. The records indicated that BreachForums continued to operate under its original nameservers connected to DDoS-Guard, which is a stark deviation from the typical DNS configurations associated with FBI seizures that usually point to Cloudflare. This consistent aspect led observers to speculate that the site had not been apprehended by law enforcement, but it did not quell the questions swirling around the situation.
Fast forward to April 28, 2025, the situation took a turn when visitors to BreachForums.st encountered a message on the homepage reportedly issued by the site’s administrators. This message, which was notably signed with a PGP key, sought to clarify the reasons behind the sudden shutdown and outlined the forum’s future intentions. The administrators explained that the decision to halt operations stemmed from the emergence of a MyBB 0day vulnerability that raised alarms regarding potential infiltration attempts from law enforcement agencies.
The vulnerability in question had previously caused substantial issues for BreachForums; a notable incident in June 2023 had resulted in a data breach, where personal details of over 4,000 members were leaked, attributed to the same MyBB vulnerability. In their latest communication, the administrators conveyed that upon receiving credible information concerning the security risk, they acted swiftly to implement an incident response protocol. This included shutting down operations and conducting a comprehensive audit of their systems to assess the extent of the threat.
Interestingly, the findings from their investigation indicated that while the forum software was indeed vulnerable, the core infrastructure remained secure, and no user data had been compromised during this period. In light of this, the administrators issued an apology to both staff and users for the prolonged silence, emphasizing that operational security during the crisis had to take precedence. They further announced plans for a complete overhaul of the forum’s backend to mitigate future security risks.
In a move to protect their user base, the administrators cautioned members against engaging with various clones of BreachForums that have recently emerged online. They emphasized that these potential replicas could very well be law enforcement traps designed to ensnare cybercriminals. While asserting their integrity, the administrators clarified that no arrests had taken place and that the original team behind BreachForums was intact and committed to their mission.
However, the message did not address some lingering questions, particularly the deletion of ShinyHunters’ Telegram account. The forum had maintained an active and sizeable community on this platform, making its abrupt removal from Telegram curious. Many users wondered why no updates were communicated via Telegram before the forum’s shutdown.
The unpredictability surrounding BreachForums, coupled with the alarming revelation of the zero-day vulnerability, has intensified concerns within cybercrime circles. The operators’ insistence on the security of the platform stands in stark contrast to the inherent risks associated with operating underground forums, raising doubts about the environment’s overall safety.
ShinyHunters, the hacker group associated with BreachForums, carries a controversial reputation, having been implicated in several high-profile data breaches over recent years. This connection places the forum under constant scrutiny from law enforcement agencies across the globe.
As the situation continues to unfold, various stakeholders, including cybersecurity experts, law enforcement, and the cybercriminal community, are likely to react in ways that may shape the future trajectory of BreachForums. Until a clearer picture emerges, the fate of the forum and its active members remains shrouded in uncertainty. With cybersecurity threats evolving rapidly, the landscape of online criminal forums is bound to face increased challenges, making the community’s sustainability a pressing concern.