Group Resurrects Hacker Site Despite Multiple Law Enforcement Disruptions
In a notable series of developments within the realm of cybercrime, the extortion group ShinyHunters announced the revival of the notorious BreachForums, a platform that has long been a hub for hackers to trade stolen databases, hacking tools, and share knowledge on various cybercriminal activities. This announcement came on Monday, the 3rd of April, 2026, shedding light on the ongoing battle between cybercriminals and law enforcement agencies.
BreachForums, also known as Breached, has faced numerous challenges from law enforcement in the past, including arrests and takedowns. Yet, despite these disruptions, forums dedicated to illegal data exchange and cybercrime continuously emerge anew. This latest iteration of BreachForums arose after the platform’s infrastructure, including its complete database and source code, was reportedly hacked directly from its server and put up for sale for a staggering $10,000. The new administrator, identifying himself only as "X," claimed affiliation with the ShinyHunters group and detailed a chaotic transition of power when the previous administrator, dubbed "N/A," panicked upon learning of the breach and swiftly exited without any communication to the existing community.
This sudden departure led to the announcement, made on March 16, that “BreachForums is dead.” Through this message, a plea for a responsible team to assume control of the forum was initiated, signaling internal turmoil amid external pressures from law enforcement.
The implications of these breaches are far-reaching. In the wake of the earlier BreachForums vulnerability, a hacker leaked an extensive cache of 918 databases on Telegram. These databases contained sensitive information, including personal names, usernames, email addresses, passwords, payment card details, and even health information. Milivoj Rajić, the head of threat intelligence at cybersecurity firm DynaRisk, elaborated on the critical nature of this breach. He emphasized that many records tied back to historical breaches of well-known entities such as Nvidia, Tesco, Experian, and T-Mobile, among others. Even data from incidents dating as far back as 2012, including LinkedIn breaches, still represents a potential threat as many individuals fail to update their email credentials.
Rajić pointed out that while these breaches had previously been public knowledge, their recent availability for free and in a centralized location elevates the risk for organized cyberattacks, including phishing schemes, ransomware outbreaks, and potentially even state-sponsored espionage, especially given the heightened geopolitical tensions currently in the world.
Currently, at least two separate cybercrime forums under the BreachForums banner have surfaced. While they appear to be competing entities, there is a possibility that one or both could serve as operations for law enforcement agencies attempting to trap cybercriminals. “X” from ShinyHunters asserted theirs is the only genuine forum, having been entirely rebuilt from scratch after the previous admin’s abrupt exit with approximately $4,000.
Law enforcement agencies have been persistently targeting these platforms, employing tactics to disrupt and infiltrate large-scale operations. The previous BreachForums was a direct byproduct of the takedown of RaidForums in 2022, which had laid the groundwork for further replacements, such as the very forum currently in question. The original American administrator, Conor Brian Fitzpatrick, was arrested and sentenced to three years in prison following a vigorous pursuit by authorities.
Under the banner of ShinyHunters, this new iteration of BreachForums launched in 2023, subsequently facing disruptions and arrests among multiple operators. Earlier in 2025, an international law enforcement operation successfully dismantled another forum, known as LeakBase, demonstrating the ongoing commitment of authorities to combat cybercrime.
On January 9, a website associated with ShinyHunters published a database containing information on 323,986 registered users of BreachForums. Experts from cybersecurity firm Resecurity noted that the authenticity of this data remained uncertain, cautioning that it might have been a ploy to mislead investigations, potentially serving to distract law enforcement while allowing criminals to continue their operations.
The latest version of BreachForums features listings from previously targeted victims of ShinyHunters, such as prestigious universities and major companies that allegedly refused to pay ransom demands. The group claimed to have obtained sensitive customer data from these entities through third parties, raising further concern over the vulnerabilities in data protection practices across industries.
The financial motivations driving these criminal operators remain an area of ongoing debate. While it is evident that selling stolen databases can yield significant profits, many attackers may also derive value from promoting their past hacks and leveraging this notoriety to intimidate potential victims into compliance.
The continued evolution of cybercrime forums like BreachForums underscores the persistent cat-and-mouse game between cybercriminals and law enforcement. As long as there is demand for cybercrime services and data, these forums will likely resurface, demanding constant vigilance from both cybersecurity professionals and regulatory bodies.