Cybercrime Forum Turmoil: ShinyHunters Disavows Connection to BreachForums Reboot
The cybercrime landscape remains fraught with intrigue as a tumultuous series of events unfolds around BreachForums, a well-known forum for hackers. The recent announcement of the forum’s reboot has stoked controversy, particularly as the alleged involvement of the notorious extortion group ShinyHunters has been firmly denied.
On April 3, 2026, a figure claiming affiliation with ShinyHunters proclaimed the revival of BreachForums, also known as Breached, which has long served as a marketplace for the buying and selling of hacked databases, hacking tools, and cybercrime knowledge. However, an individual associated with ShinyHunters quickly refuted any connection. The spokesperson asserted, "We have nothing to do with that forum. We never brought it back up after the FBI’s seizure on October 10, 2025." This denial raises questions about the evolving dynamics of criminal operations on the dark web.
The announcement of the BreachForums reboot came after its infrastructure, complete with a database and source code, was reportedly hacked from its hosting servers. An administrator using the pseudonym "X" claimed that this information was being sold for $10,000. According to X, the previous admin, known as "N/A," panicked upon discovering the breach and vacated the project with no notice, leading to the database falling into unknown hands.
The claims of this new administration appear to be supported by the timing of a message posted in March, indicating that the forum had officially “died.” The previous admin’s appeal for a responsible party to manage the forum suggests turmoil within the ranks, yet this time the situation appears even more chaotic.
Security researchers are voicing skepticism regarding X’s account, noting inconsistencies and asserting that the former operators of BreachForums are actively working to register multiple domains to thwart similar reboot attempts. This situation illustrates the cat-and-mouse game that is prevalent in the world of cybercrime. The ShinyHunters group has further indicated that numerous faux forums have emerged using previously leaked data, complicating the authenticity of any new platform claiming ties to established criminal networks.
Milivoj Rajić, head of threat intelligence at DynaRisk, highlighted the extensive implications of the recent breach, which saw the leak of 918 databases containing sensitive information. Rajić pointed out that the data encompasses personal names, usernames, email addresses, passwords, and even health information. Many data points stem from historical breaches involving notable companies such as Nvidia, Tesco, and LinkedIn. The aggregation of such data in accessible formats enables attackers to conduct large-scale campaigns, increasing the potential for phishing, ransomware, and espionage activities, particularly amidst evolving geopolitical tensions.
As of recent reports, multiple cybercrime forums operating under the BreachForums name have emerged. This proliferation could signify a rise in competition among criminals, or—alternatively—the possibility of law enforcement trying to ensnare offenders in traps that mimic legitimate forums.
X contended that their version is the only authentic one, claiming it has been entirely rebuilt after the disappearance of the previous administrator, who supposedly absconded with $4,000. By expressing the intent to develop a more secure infrastructure, X urges the community to trust in this new development despite the deep-seated skepticism within the cybercrime ecosystem.
Law enforcement agencies continue to engage in proactive efforts to disrupt cybercrime forums, having previously targeted and dismantled platforms such as RaidForums. The first BreachForums emerged as a replacement following a significant crackdown, only to suffer similar fates when its American operator was apprehended. Following a series of arrests and dismantlings in 2023 and 2025, one can only wonder how many more iterations of BreachForums will emerge as law enforcement continues its campaign.
In a curious turn, a ShinyHunters domain recently disclosed a database containing the information of nearly 324,000 registered BreachForums users. The legitimacy of this data remains under scrutiny, as cybersecurity experts assert that such revelations could be a deliberate attempt to mislead investigators by creating a narrative designed to manipulate public perception and foster confusion.
The operational environment for cybercriminals remains fraught with risks and uncertainties. The existence of bogus forums that attempt to mimic successful ones raises serious concerns regarding the motivations of criminals. With attackers increasingly valuing public notoriety and leveraging past successes to leverage future extortion attempts, the potential for repetitive cycles of crime could further complicate the landscape.
As of now, ShinyHunters reiterate their detachment from these unfolding events, maintaining their stance that they have had no involvement with BreachForums since late 2025. However, as the cyber underbelly of the internet continues to adapt, the pivotal question remains: how will law enforcement respond to this ongoing evolution, and what measures can be taken to protect the increasingly vulnerable populace from rampant cybercrime?