Cybercrime
,
Data Security
,
Fraud Management & Cybercrime
Post-Reboot, Cybercrime Group Claims No Ties to Hacker Site
BreachForums continues to be a focal point of controversy following its recent reboot. An individual claiming affiliation with the ShinyHunters extortion group announced the revival of this long-standing platform, which promotes the purchase and sale of compromised databases and hacking tools. However, a representative from the official ShinyHunters channel has categorically denied any connection, asserting, “We have nothing to do with that forum. We have not revived it since the FBI seizure on October 10, 2025.”
The new emergence of BreachForums has reportedly been facilitated by the hacking of its original infrastructure, including the entire database and source code, which was subsequently offered for sale for $10,000. This reboot was orchestrated by a new administrator known as “X,” who described an abrupt exit by the previous admin, referred to as “N/A,” after the breach became known. According to X, N/A “panicked” and absconded with funds without notifying the community.
The administrative turmoil was exemplified earlier this March when a message surfaced on the previous forum version declaring that “BreachForums is dead” and calling for a new management team. Alongside ShinyHunters’ denial, security experts have pointed to several contradictions in the claims made by X, indicating potential fabrications in their narrative. Moreover, legitimate former operators of BreachForums appear to be taking action to secure various domain names to prevent further unauthorized reboots.
As the situation develops, ShinyHunters continues to identify claims of authenticity by the rebooted forums as attempts by other threat actors to capitalize on earlier data leaks. The group clarified that these false claims enable criminals to potentially extract more value from their earlier hacks, which can elevate the pressure on existing victims to comply with extortion demands.
In addition, the recent BreachForums reboot is notable for its association with a significant data leak. A hacker leaked nearly 920 databases containing personal information from various organizations, including prominent institutions like Nvidia and LinkedIn. This data, some dating back several years, poses a danger due to the likelihood of reuse, as many individuals do not frequently change their credentials. This aggregation of data allows hackers to employ more efficient large-scale attacks, opportunistically targeting specific sectors under existing geopolitical tensions.
At least two separate cybercrime forums masquerading as BreachForums have surfaced recently, potentially leading to further confusion among victims and security personnel alike. The true nature of these forums could range from being duplicitous sellers to legitimate authorities attempting to trap criminals. X claims their reboot is the only true version, having been reconstructed from the ground up following a financial betrayal by N/A.
Continued law enforcement interventions, as demonstrated with past forums like RaidForums and the original BreachForums, underscore the ongoing struggle against cybercrime syndicates. As new breaches are recorded and some forums are dismantled, the fight against such platforms remains critical for cybersecurity, particularly as groups exploit the anonymity of the deep web to further their agendas.
In light of these developments, the challenges of attribution and credibility complicate recovery and enforcement efforts against evolving cyber threats. Security stakeholders must remain vigilant and informed on navigational strategies to counteract the risks associated with compromised data offerings in the wake of these turbulent episodes.
*Update April 5, 2026 15:23 UTC: This story has been revised to reflect further comments from ShinyHunters regarding their non-involvement with BreachForums since October 2025.