Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
BreachForums Resurrects After Yet Another FBI Shutdown

Redazione RHC : 26 October 2025 08:58

We’ve often quoted this phrase: “Fighting cybercrime is like pulling weeds: if you don’t completely eradicate them, they’ll grow back, much more vigorous than before,” and it’s more relevant than ever.

After months of silence and the FBI’s seizure of the breachforums.sh domain, the underground cybercrime community is back in the news: BreachForums is back online.

The announcement was made on October 20, 2025, by user and moderator koko, who in an official post announced the reopening of the platform and the relaunch of its infrastructure, promising a safe and responsible reconstruction of the community.

Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity risk awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper dissemination, or misuse of this data.

In the message, koko states that he was a moderator between 2023 and 2024 and that he and the team decided to bring BreachForums back to life.

The post cites technical updates such as full backup restoration, a complete rebuild of the escrow system (after the previous one was compromised by authorities and infiltrators), and new measures for user security and rank management.

The administrator also recommends not using old usernames, encouraging users to create new identities for opsec (operational security) reasons.

Koko’s profile post in the old BreachForums instance (kindly provided by Mwansa to RHC)

From the roots of Raid Forums to the return of BreachForums

To understand the significance of BreachForums’ comeback, it’s necessary to trace its genealogy.
It all started with Raid Forums, a forum born years ago as a meeting point for hackers and cybercriminals, where they exchanged stolen data, exploits, and sensitive information.

Over the years, Raid Forums became an institution in the underground community, but also a valuable observatory for security researchers and law enforcement.

In 2022, an international operation led to the closure of Raid Forums and the arrest of its founder. From that diaspora, the first incarnation of BreachForums (MKI) was born, presenting itself as its natural successor.

Brian Fitzpatrick aka PomPomPurin

The administrator of that version, Brian Fitzpatrick aka PomPomPurin, was arrested in March 2023. The FBI shut down the forum and seized the servers. However, a few months later, one of the former members, known as Baphomet, claimed to have a backup of the platform and launched BreachForums MKII, promising to rebuild it on a more secure basis.

This second instance remained active until June 2024, when, following a Europol data leak published by IntelBroker (also a member of the ShinyHunters group), the site was seized again.

ShinyHunters Announces Second Instance of BreachForums

The associated Telegram channel, Jacuzzi, was also shut down by the authorities, but soon reappeared under the name Jacuzzi 2, a symbol of an almost legendary resilience in the world of cybercrime.

ShinyHunters and the long shadow of cybercrime

BreachForums has long had ties to ShinyHunters, one of the most notorious hacking groups in recent years, involved in massive breaches of Microsoft, Banco Santander, Ticketmaster, Tokopedia, and other major global companies.

Formed in 2020, ShinyHunters have earned a reputation for the quantity and scope of stolen data, often sold or distributed on BreachForums itself.

Some members have been arrested – such as Sébastien Raoult, who was extradited from Morocco to the United States – but the group, or what remains of it, continues to operate in more decentralized and difficult-to-trace forms.

The return to the clearnet and the new course announced by koko

The reopening announced by koko marks a return to the clearnet, making access to the forum easier and more immediate, without going through the Tor network. This decision, while facilitating participation, also exposes the site to constant monitoring by the authorities.

In the post, koko emphasizes a commitment to making BreachForums “a safe and responsible place.” This statement is at odds with the platform’s long history as a hub for the exchange of stolen credentials, compromised corporate databases, and the personal information of millions of users.

Despite this, the response from the underground community was immediate: many old users have already flocked to the new instance, while messages of enthusiasm and nostalgia for “the return of the old Breach” are circulating on the forum’s Telegram channels.

A weed that never dies

The return of BreachForums demonstrates once again how cybercrime is an extremely resilient ecosystem. Every time a forum is shut down, another emerges, one that’s harder to target, more decentralized, and more operationally sophisticated.

Law enforcement will continue to pursue new administrators, but history teaches us that where there is demand for stolen data, there will always be someone willing to offer it.

BreachForums’ new direction presents itself as a technical and ideological rebirth, but it remains to be seen how long it will last before another seizure spells its end. In a landscape where cybersecurity and cybercrime are constantly evolving, this latest resurgence is yet another reminder: the fight against digital crime is never truly over.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
