After stumbling, BreachForums is back online on the dark web and clearnet with access restored

A great deal has happened since the FBI seized the data leak forum BreachForums in mid-May, and "ODN" has continued to follow the story. On May 24, the third version of BreachForums made a strong comeback under the leadership of administrator ShinyHunters.

However, from June 10 the forum was once again inaccessible, and the administrator's Telegram account, as well as BreachForums' Telegram channel and groups, were deleted. After two days of suspicion, BreachForums became accessible again on both the darknet and the clearnet on June 12, with no one knowing what had happened.

After access was restored again, administrator ShinyHunters posted an announcement on the forums about the recent problems:

Hello BreachForums users!

Some wild stuff has gone down recently. First off, Spamhaus has blacklisted our SMTP host. Then, we ran into more issues with our NGINX config. To top it off, our Telegram account (@shinycorp) and the “Jacuzzi 2.0” group got banned and blacklisted. Because of all this, we’re stepping away from using any Telegram account for ShinyHunters, and honestly, it’s kind of sapped our motivation to keep the forum going, though we’ll keep it alive. If you have any questions about rank, escrow, or anything else, hit up @Hollow (likely the next owner). Also, the canary has been updated.

Taken at face value, the announcement explains the downtime: their SMTP host was blacklisted by Spamhaus, they ran into problems with the server's NGINX configuration, and their Telegram account (@shinycorp) and the "Jacuzzi 2.0" group were banned and blacklisted.

However, as previously reported, BreachForums' dark web and clearnet sites became inaccessible, and their Telegram accounts were deleted, at about the same time. Anyone with a little technical knowledge knows that problems with Telegram accounts do not affect website access; that problems with SMTP may stop the website from sending emails but do not affect the normal operation of the forum; and that NGINX configuration errors can be fixed in a flash. So ShinyHunters' announcement is hardly convincing, and no one really knows what is going on behind the scenes. According to "ODN", which compiled comments from several media outlets and groups, everyone's trust in BreachForums has been severely diminished.

ShinyHunters said they left Telegram as a result of these setbacks and are less motivated to maintain the forums, though they will continue to operate, and mentioned that Hollow (currently one of the forum's administrators) may be the next owner of BreachForums.

BreachForums' other administrator, Aegis, still has an active Telegram channel and posted about the forum's return on the 13th. In another Telegram group, one user suspected that ShinyHunters was also an FBI informant, while another said Shiny was state-sponsored and claimed that Gabriel, who had been in contact with ShinyHunters, had recently been arrested.

When "ODN" tested and accessed the restored BreachForums, it held data as of June 9, 2024, meaning that no database content was lost during the shutdown. The restored forum also carries the updated canary, as follows:

Hash: SHA512

Next update by 07-12-2024.



PGP Key: http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/pgp.txt

Fingerprint: 1FC4 D0B1 DEE9 14BB 05B5 7FAB F1F1 B98A 51C9 89B3

BTC Block Hash: 000000000000000000017d7da10976e3fcb69c00e39b0cb114dc85f684e71841


However, forum user "zarniwoop" compared the canary.txt updated on May 24 with the canary above and found that the latest canary.txt does not match ShinyHunters' PGP key, which means the new canary above was not issued by ShinyHunters. Whose hands is BreachForums in? Too many unknowns remain hidden.
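The kind of check described above can be sketched as follows. This is an added example, not code from the forum, from "zarniwoop" or from "ODN": it reads the machine-readable status lines that `gpg --status-fd 1 --verify canary.txt` emits, compares the signing key with a pinned fingerprint, and checks the "Next update by" date. The status lines, `OTHER_FPR` and the function names are constructed for illustration, and the date is assumed to be MM-DD-YYYY.

```python
import re
from datetime import date, datetime

# Fingerprint quoted in the canary on this page, spaces removed.
PINNED_FPR = "1FC4D0B1DEE914BB05B57FABF1F1B98A51C989B3"
# Constructed fingerprint standing in for "some other key"; not a real key.
OTHER_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

def status_for(fpr):
    """Constructed sample of `gpg --status-fd 1 --verify canary.txt` output."""
    return ("[GNUPG:] NEWSIG\n"
            f"[GNUPG:] GOODSIG {fpr[-16:]} constructed-uid\n"
            f"[GNUPG:] VALIDSIG {fpr} 2024-06-12 1718150400 0 4 0 1 10 01 {fpr}\n")

def check_canary(gpg_status, canary_text, pinned_fpr, today):
    """Return a list of problems; an empty list means every check passed."""
    problems, signer = [], None
    for line in gpg_status.splitlines():
        f = line.split()
        if len(f) < 2 or f[0] != "[GNUPG:]":
            continue
        if f[1] in ("BADSIG", "ERRSIG", "NO_PUBKEY"):
            problems.append("signature not verified: " + f[1])
        elif f[1] == "VALIDSIG":
            # Field 11 is the primary-key fingerprint when gpg reports it;
            # field 2 is the fingerprint of the signing (sub)key.
            signer = (f[11] if len(f) > 11 else f[2]).upper()
    if signer is None:
        problems.append("no valid signature found")
    elif signer != pinned_fpr.replace(" ", "").upper():
        problems.append("signed by unexpected key " + signer)
    # Assumption: the date is MM-DD-YYYY, as in "Next update by 07-12-2024".
    m = re.search(r"Next update by (\d{2}-\d{2}-\d{4})", canary_text)
    if not m:
        problems.append("no next-update date found")
    elif today > datetime.strptime(m.group(1), "%m-%d-%Y").date():
        problems.append("canary overdue since " + m.group(1))
    return problems

CANARY = "Next update by 07-12-2024.\n"  # the one body line shown on this page

if __name__ == "__main__":
    print(check_canary(status_for(PINNED_FPR), CANARY, PINNED_FPR, date(2024, 6, 13)))
    print(check_canary(status_for(OTHER_FPR), CANARY, PINNED_FPR, date(2024, 6, 13)))
```

The pinned fingerprint has to come from a copy of the key saved before the event being checked; a fingerprint printed inside the canary itself proves nothing, because whoever wrote the canary chose it.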

Who ShinyHunters really is, whether BreachForums is an FBI honeypot, and why BreachForums was suddenly shut down and then revived all remain unclear; only time will answer these questions.

"ODN" will continue to follow the status of BreachForums.

From: On DarkNet – Dark Web News and Analysis
Copyright of the article belongs to the author, please do not reproduce without permission.
