Darknet forum BreachForums changes rules to ban ransomware-related behavior

Recently, the "Operation Cronos" led by US and UK authorities has dismantled a dark web website operated by the LockBit ransomware gang. Following the fallout from this event, "ODN" discovered that the infamous hacker forum BreachForums suddenly announced rule changes, prohibiting all activities related to ransomware.

The notorious BreachForums, also known as Breached, is a hacker forum infamous for trading, leaking, and selling data, renowned for selling and leaking personal data of hundreds of millions of people globally. The current iteration of BreachForums, which people are accessing, was restarted in June last year. In March last year, the original BreachForums administrator "Pompompurin" was arrested by the FBI, leading to the closure of the former BreachForums, with the domain seized by the FBI. "Pompompurin" was sentenced to 20 years of probation in January this year by the Eastern District Court of Virginia.

On February 25th, the administrator of BreachForums, "ShinyHunters" issued a statement with PGP verification, announcing that henceforth, the sale, recruitment, development, and any ransom-related activities would be prohibited. The rule changes are not only targeted at ransomware but also ban:

• Drug sales
• Weapon sales
• Violence as a Service (VaaS)
• Selling credit cards or debit cards
• Selling genuine identity documents or files
• Referral programs or recruiting referral agents

The announcement from "ShinyHunters" (whose avatar seems to be @vinnytroia) stated that the forum's membership has reached a new high of 100,000 members, marking significant progress for the forum, necessitating an overall improvement of the community by its team. The focus of the improvements is on the quality of data or services posted on the forum and minimizing transaction friction as much as possible. The announcement outlined three updates.

The first is general updates, including the establishment of a data escrow platform, removal of the verified leaked data section, and allowing moderator applications. The forum decided to establish a free data escrow platform (https://escrow.breachforums.is/about) and encourages users to use it. The escrow platform can be accessed in both the clearnet domain and the dark web domain, with the minimum escrow amount reduced from $50 to $20 to attract more users. The forum removed the verified leaked data section, as many users did not properly attribute their leaked events, and many users did not know how to verify the data in their leaked events, resulting in the section being inactive. Additionally, the forum is looking for active users and valuable community members, thus opening moderator applications. However, the announcement also stated that becoming a moderator would not involve access to users' IP addresses, email addresses, or any user identity information. Moderators only have the ability to modify posts/topics and enforce bans/unbans.

The second is updates regarding prohibited activities, including not allowing the sale of credit cards/debit cards, not allowing the sale of referral tools and promoters, and not allowing the sale of ransomware-related business. Firstly, the forum continues to prohibit the sale of credit cards/debit cards on the forum and does not allow the posting of credit cards/debit cards unless they are included in the leaked original database. Secondly, the sale of referral tools or recruiting personnel for referral activities is prohibited because, in most cases, these activities are ultimately scams. Finally, it emphasizes the prohibition of software sales, recruitment, development, or ransom related to ransomware, stating that the forum was not originally intended as a forum specifically for ransomware, although ransomware gangs are allowed to appear on the forum, they are not allowed to recruit members on the forum or sell their services or software. However, it also stated that ransomware gangs can sell data or leak data on the forum as long as it is not for further extortion of victims.

The third is an update of a brief statement, indicating that the administrators are working to improve the community. The statement states that they are cleaning up the forum, as low-quality vendors/scammers are flooding the forum, many of whose services/products are not in line with the purpose of BreachForums. While some users may not like some of the content prohibited above, the core user group will not be affected in most cases. BreachForums will continue to empower these core members on the forum and take their opinions seriously to improve the community.

As the largest data breach forum on the dark web currently, "ODN" will continue to follow the further development and outcome of BreachForums.

For more news and updates on the dark web, please follow "ODN".