When hackers hack each other - BreachForums 4,000 members' data leaked

BreachForums, previously targeted by the FBI, has experienced a data breach orchestrated by rival forum OnniForums, utilizing a zero-day vulnerability in MyBB software. This is an attack on the new forum page, as the previous forum was seized by the FBI and its alleged owner, PomPomPurin - Conor Brian Fitzpatrick - was arrested.

The attack results in the exposure of personal information of over 4,000 registered members. This incident follows the forum's revival under the control of ShinyHunters hackers and the original moderator team.

The leaked data includes

• login keys,
• usernames,
• email addresses,
• IP addresses,
• password hashes,
• private messages exchanged between forum members

The moderators urged the forum members to reset their passwords. BreachForums had been offline since the early morning of Monday, June 19th, 2023, before recovering on the 20th.

The repercussions of the breach may include the exposure of cybercriminal identities to law enforcement, damage to their reputation within the hacker community, and improved cybersecurity measures as a result of the leaked intelligence.

Update - Have I Been Pwned (HIBP.recently announced that it had acquired access to the Breached forum's database and was sharing information about 212,000 exposed records with its visitors.

The situation escalates further because a threat actor going by the name 'breached_db_person' claims to be selling the entire Breached forum database.  The database reportedly weighs 2 GB and includes all tables, encompassing private messages, payment transactions, and the member database. The price tag for the Breached database is substantial, ranging from $100,000 to $150,000