15-10-25, 10:48 PM
The FBI seized a BreachForums domain used by the ShinyHunters group as a data leak extortion site for the widespread Salesforce attacks, with the threat actor stating that law enforcement also stole database backups for the notorious hacking forum.
In October, the domain was converted into a Salesforce data leak site by Scattered Lapsus$ Hunters, a gang claiming to consist of members linked to the Shiny Hunters, Scattered Spider, and Lapsus$ extortion groups, to extort companies impacted by the Salesforce data theft attacks.
On Tuesday, both the clearnet breachforums.hn data leak site and its Tor counterpart went offline. While the Tor site was quickly restored, the breachforums domain remained inaccessible, with its domains switched to Cloudflare nameservers previously used for domains seized by the U.S. government.
In addition to taking down the data leak site, ShinyHunters confirmed that law enforcement gained access to archived databases for previous incarnations of the BreachForums hacking forum.
The ShinyHunters team stated that no one in the core admin team has been arrested, but they will not launch another BreachForums, noting that such sites should be viewed as honeypots from now on.
