After vanishing mysteriously in April, the infamous hacking forum BreachForums appears to be returning, reportedly backed by original operators and known threat actors.
Weeks of silence and speculation followed the site’s sudden disappearance, sparking rumors of a law enforcement takedown or rival sabotage. Now, signs point to a relaunch under a new domain: breach-forums[.]st.
ShinyHunters, known for high-profile data leaks involving Santander, AT&T, and Ticketmaster, are believed to have taken over BreachForums after the 2023 arrest of its founder, Pompompurin.
In a June 3 post on competing forum DarkForums, a user named darked321 announced the forum’s revival, accessible via clearnet and an onion address. The message included a statement from ShinyHunters confirming the site’s authenticity and noting that its undergoing restoration following an infrastructure audit.
Also spotted on the new site’s “Shoutbox” was IntelBroker, a well-known data leaker who had been silent since the April 15 shutdown.
The original takedown led to confusion and finger-pointing, with hacktivist group Dark Storm claiming responsibility without evidence. On April 28, ShinyHunters briefly reappeared with a PGP-signed message blaming a MyBB zero-day vulnerability and warning users against fake replicas.
Since then, several copycat domains have surfaced but failed to gain traction. According to ZeroFox Intelligence, breach-forums[.]st is likely the legitimate successor, as it appears to be operated by individuals with access to original infrastructure. Although new account registrations are currently hindered by MyBB SQL errors, historic posts from 2023 have resurfaced and the forum’s interface has been updated both signs that the reboot may be authentic.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
