BreachForums has been reincarnated. But as with all things related to BreachForums, its reincarnation has been accompanied by all kinds of drama.
Act 1: The Prequel: Arrest and Chaos
Act 1. Scene 1. BreachForums’s owner is arrested in New York. The arrest was made on March 15, but first hit the news on March 17.
Act 1. Scene 2. “RIP” messages for “Pompompurin” abound. As people dive into the affirmation filed by the FBI, Conor Fitzpatrick’s lack of OpSec and his reported confession that he was “Pompompurin” and the owner of BreachForums leave some forum regulars shaking their heads and disappointed and others a bit panicky about their own safety.
Act 1. Scene 3. Baphomet, an admin of BreachForums, steps up to the plate and informs people of steps he had already taken and was taking to deal with the situation. When it became clear that law enforcement already had the user database and appeared to be attempting to noisily access the server, he made the decision to take the site down and keep it down.
Act 2: Waiting for Baphomet, or Godot, or Anyone to Just Make a Forum Already!
Act 2. Scene 1. Baphomet provides pgp-signed updates to reassure staff and others that he hasn’t been arrested and is working on creating a secure site. Every few minutes someone on Telegram asks, “When will we have a forum?” or “Does anyone know of a replacement forum?” Others ask about whether they will be able to keep their usernames and ranks when the new forum opens. Without a shoutbox and forum, new Telegram channels for displaced forum users get flooded with banter where the maturity level could perhaps best be described as a combination of kitten gifs, people telling each other “stfu,” trolling, and calling each other feds or racist epithets.
Act 2. Scene 2. Others — some known and some unknown to previous BreachForums users, claim they will be opening a forum. In what may or may not be some kind of insecurity record, Vice Forums opens and closes within an hour. It never comes back as the intended forum. Other already-existing forums like LeakBase try to attract more of BreachForums’ users.
Act 2. Scene 3. Exposed.vc opens with an owner who calls himself “Impotent” or “ImpotentDude” on Telegram. While some BreachForums users sign up, others choose to watch for a while to see what happens. DataBreaches interviews the owner, who, in true dramatic fashion, warns the audience as to what will happen if BreachForums re-opens:
DD: Yesterday it was announced that ShinyHunters will re-open BreachForums with support from BreachForums staff. What are your thoughts on that?”
I: I like to play with my enemies (aka future victims) before the act :^)
DD: Do you consider all competitor sites “enemies?” If you consider ShinyHunters and BreachForums your enemies, how far would you go to make victims of them?
I: I would go as far as I would go to anyone else. It’s nothing special that shiny hunters are affiliated in the project. Just one more name added to the black list. I do take everyone that may steal my business as competitor.
As the curtain falls on Act 2, everyone on Telegram is pretty much betting that Exposed.vc will fold when BreachForums opens again. And despite the fact that Impotent had stated he would not close Exposed if BreachForums opened, on June 8, even before BreachForums opened, Impotent was already changing his tune:
[Intermission during which people get popcorn and watch a former President of the United States get arrested on 37 felony counts.]
Act 3: BreachForums.vc Opens
Act 3, Scene 1: It’s BreachForums’ big day. Despite having claimed that they wouldn’t close if BreachForums re-opened, Exposed.vc appears to be up for sale of ownership. The owner claims they don’t have enough time to maintain the forum.
Within hours, they are accused of scamming. The alleged victims are not named.
Act 3, Scene 2. BreachForums.vc opens under the ownership of ShinyHunters, a blackhat with a string of hacks and leaks that have made them a target of law enforcement in a number of countries. Baphomet resumes his role as an administrator and previous BreachForums staff are involved, except for “Armadyl,” who deleted his Telegram account the previous week for reasons that were not made public. “Manitora,” a username not recognized by DataBreaches, also appears as a forum administrator.
The opening does not go exactly smoothly, and the forum is under DDoS attack.
What evil lurks behind the DDoS attack? From paying attention during Act 2, the audience seems to know that it is ImpotentDude. Hadn’t he forewarned how he would treat competitors? A moderator for BreachForums tells DataBreaches that ImpotentDude paid $17k for the DDoS attack.
ImpotentDude didn’t deny responsibility, and he bragged to DataBreaches about allegedly exposing their backend:
Less than half an hour later, he added (typos as in original):
HEy, its been no more than an hours and shiny thought he should just change up from port 8080 to 3019, well idk what else I can say than, Thanks for all the fun I have while looking at your shit. [IP redacted by DataBreaches.]
Act 3, Scene 3: When asked what was going on with Impotent, ShinyHunters tells DataBreaches, “He literally paid $17k to ddos my forum the day it was released because I wouldn’t agree to partner with him (extortion).”
DataBreaches is not reproducing the chat snippets ShinyHunters showed DataBreaches, but they appeared to be by the @purism and @impotentdude accounts. According to ShinyHunters, Impotent wanted ShinyHunters to buy the Exposed.vc domain and give him 50%. The DDoS attack was apparently a pressure tactic when ShinyHunters didn’t agree to any partnership deal. “You want war!” Shiny was reportedly told.
When asked if ShinyHunters had any response to Impotent’s claims about the forum’s security and the backend, Shiny merely noted, “Well if he had access to the backend, he wouldn’t target our ddos-guard.” When Impotent later posted more criticisms and claims on Exposed.vc about BreachForums.vc, Shiny’s response was, “Well he’s still wrong.”
But why did Exposed.vc put the forum up for ownership sale when it did? To add yet another twist to the plot, someone contacted DataBreaches claiming that Exposed.vc had been hacked and defaced by “OnniForums.”
Who OnnifForums might be is unknown to DataBreaches, but the correspondent claimed, “The forum picked a fight with Onniforums and it was brought down iMMediately-”
Why or how Exposed allegedly picked a fight with OnniForums was not explained, and there was no way to reply to the email to ask. But according to the correspondent, the sale of the forum ownership was allegedly a coverup for the fact that the forum had been hacked.
In its first 24 hours and even with its somewhat bumpy start due to the DDoS attack, BreachForums already had more than 1,200 users registered. One of them doxes PomPompurin.
[ANNOUNCER: Please pick up any trash under your seats and throw it in receptacles in the lobby as you exit the theatre.]
As theatre-goers leave the theatre, Impotent is reportedly still trying to extort ShinyHunters, who tells DataBreaches that Impotent didn’t hack anything and seems to have just found that apache2 server-status had been left open by mistake during setup of the CDN backend.
“He didn’t hack anything, users are safe,” ShinyHunters told DataBreaches.