BreachForums Dark Web Forums History Database Major Leak

Since 2022, BreachForums has been one of the world's largest and most notorious forums for data breaches and hacking deals. This underground data bazaar is not only a stage for hackers to show off their war chests, but also the curation point for many major data breaches and ransom campaigns. BreachForums was originally founded by Conor Fitzpatrick (ID "pompompurin"), and in 2023, after his arrest, ShinyHunters took over operations. It was later taken offline because of a MyBB 0day, and some notes were released at the time, the authenticity of which is unknown. In June of this year, France and the United States worked together to arrest several more core members, including ShinyHunters, Hollow, Noct and Depressed.
Core details of the incident
Leak source: allegedly from a member within the original BreachForums.

Leaked content: a zip file named breachforum.7z containing:

Full SQL database file: contains core data such as user registration information, credentials, etc.

User PGP key: may affect the security of encrypted communications.

Statement document: a long, stylized, "poetic" text (.txt), the content of which has been identified as possibly having AI embellishments, or as a leaker's statement.

Authenticity of data: existing users have verified that the data is authentic and recent by checking for the temporary email addresses they had used in the leaked file.

Downloaded from: https://shinyhunte[...] rs/breachforum.7z (Note: links have been rendered innocuous for security reasons, please do not access them directly).

Leakage data analysis (email domain ranking)
The statistical ranking of registered email addresses in the leaked data is as follows, clearly reflecting the preferences of the forum's user base, with a very high percentage of private and temporary email services:

| Rank | Email domain | Occurrences | Service type / characteristics |
|------|--------------|-------------|--------------------------------|
| 1 | gmail.com | 239,747 | Mainstream commercial mailboxes |
| 2 | proton.me | 29,851 | End-to-end encrypted privacy mailboxes |
| 3 | protonmail.com | 12,382 | End-to-end encrypted privacy mailboxes |
| 4 | onionmail.org | 4,668 | Anonymous encrypted mailboxes specializing in the Tor network |
| 5 | cock.li | 4,577 | Email hosting service emphasizing anonymity without personal verification |
| 6 | yahoo.com | 4,478 | Mainstream business email |
| 7 | qq.com | 3,290 | Mainstream commercial mailboxes |
| 8 | mozmail.com | 2,395 | Privacy forwarding mailbox provided by Firefox Relay |
| 9 | tutanota.com / tutamail.com | 2,294 | End-to-end encrypted privacy mailboxes |
| 10 | dnmx.org | 1,441 | Anonymous mail service |

Data Analysis Interpretation:

High concentration of privacy services: more than half of the top 10 domains (Proton, OnionMail, Cock.li, Mozilla Relay, Tuta) belong to privacy-protecting services focused on anonymization, encryption or forwarding. This shows that BreachForums users are strongly concerned with resisting traceability and are highly privacy-conscious.

"Room to Operate" warning: when users refer to "high room to operate", they may mean that an attacker can exploit the registration mechanism of these privacy mailboxes (e.g., no cell phone number verification required) to conduct correlation analysis, phishing, or targeted attacks against users of specific privacy services.
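
The ranking and its interpretation can be checked with a short tally. The Python below is an added example, not the tooling behind the original analysis: it folds alias domains into provider families and measures what share of the top-10 registrations the privacy services hold (about 18.9% by count, using the table's figures). The FAMILY grouping, the function names and the sample addresses are assumptions made for illustration.

```python
from collections import Counter

# Counts copied from this page's ranking table; the tutanota.com entry holds
# the table's combined "tutanota.com / tutamail.com" row.
TOP10 = {
    "gmail.com": 239_747, "proton.me": 29_851, "protonmail.com": 12_382,
    "onionmail.org": 4_668, "cock.li": 4_577, "yahoo.com": 4_478,
    "qq.com": 3_290, "mozmail.com": 2_395, "tutanota.com": 2_294,
    "dnmx.org": 1_441,
}
# Assumed grouping: alias domains of one service share a provider family.
FAMILY = {
    "gmail.com": "Gmail", "yahoo.com": "Yahoo", "qq.com": "QQ",
    "proton.me": "Proton", "protonmail.com": "Proton",
    "onionmail.org": "OnionMail", "cock.li": "Cock.li",
    "mozmail.com": "Firefox Relay", "dnmx.org": "DNMX",
    "tutanota.com": "Tuta", "tutamail.com": "Tuta",
}
MAINSTREAM = {"Gmail", "Yahoo", "QQ"}
PRIVACY = set(FAMILY.values()) - MAINSTREAM

def domain_of(address):
    """Normalized domain of an address, or None if it is malformed."""
    local, sep, domain = address.strip().lower().rpartition("@")
    domain = domain.rstrip(".")
    if not sep or not local or "." not in domain or " " in domain:
        return None
    return domain

def tally_domains(addresses):
    """Count valid addresses per domain, skipping malformed rows."""
    return Counter(d for d in map(domain_of, addresses) if d)

def by_family(domain_counts):
    """Fold per-domain counts into families (unknown domains stay as-is)."""
    families = Counter()
    for domain, n in domain_counts.items():
        families[FAMILY.get(domain, domain)] += n
    return families

def privacy_share(family_counts):
    """Share of counted registrations held by privacy/anonymity providers."""
    total = sum(family_counts.values())
    return sum(family_counts.get(f, 0) for f in PRIVACY) / total if total else 0.0

# Constructed sample rows (not from the leak), including malformed entries.
SAMPLE = ["Alice@Gmail.com ", "bob@proton.me", "carol@protonmail.com",
          "dave@tutamail.com", "eve@example.org.", "not-an-email", "@qq.com"]

if __name__ == "__main__":
    top = by_family(TOP10)
    print(top.most_common(3), round(privacy_share(top), 3))
    print(by_family(tally_domains(SAMPLE)))
```

Counting by provider family rather than by raw domain places Proton second with 42,233 registrations, and it keeps the two views apart: how many ranked domains are privacy services versus how many registrations they account for.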
