The RaidForums data leak story continues. A user going by the alias Impotent claimed to have data from RaidForums, which they have made available for download on another dark web forum called ExposeForums.
The cybercriminal who joined the ExposeForums in May wrote that the RaidForums data leak contained user data from all individuals including login credentials.
RaidForums data leak
“Today I have uploaded the raidforums.com databases for you to download,…” the administrator of the ExposeForums, Impotent wrote in the post. They uploaded the following data from the alleged RaidForums data breach –
- Usernames
- Passwords
- Loginkey
- Emails
- Usergroups
The authenticity of the uploaded data has not been confirmed yet by any researcher. “All of the users that were on raidforums may been infected,” the ExposeForums post concluded.
Threat Analyst Brett Callow tweeted about the RaidForums data leak, “Some users have supposedly been removed.”
It is not clear whose database is prevented from being leaked by the administrator of ExposeForums and why they chose to protect their identity.
However, a user replied to Callow’s tweet stating that probably the users who were removed were the hackers who leaked the data.
Leaked information from the RaidForums data breach
According to reports, user data of nearly 478,000 RaidForums individuals has been left to be downloaded on the dark web.
The RaidForums database on Expose holds a single SQL file with the registration information of RaidForums members.
The users allegedly registered on the RaidForums between March 20, 2015, and September 24, 2020, according to a Bleeping Computer analysis. ExposeForums members have claimed that their information was also available in the RaidForums data leak in the MySQL table.
Seizure of hacker forums
Hackers have often used underground platforms like RaidForums and BreachForums to post about cyber attacks, data leaks on companies and enterprises causing severe damage to companies in terms of a loss of credibility, class action lawsuits, and most of all, loss of privacy of impacted users.
However, both leak platforms were seized by legal authorities in time along with arresting its administrators who managed the forums.
Seeing the loss of popularity of such underground platforms after police actions, it is likely that the RaidForums data leak post is a mechanism to bring users back to it and create a name for it.
What the legal authorities said about the lifeline of hacker forums
RaidForums website and infrastructure were captured by the collaborative effort of international police and intelligence agencies in April 2022.
Addressing the seizure of the RaidForums, Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division said, “This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace and the arrest of its administrator.”
BreachForums was seized in March 2023 with the arrest of its administrator going by the name Pompompurin.
Deputy Attorney General Lisa O. Monaco said, “Like its predecessor RaidForums, which we took down almost a year ago, BreachForums bridged the gap between hackers hawking pilfered data and buys eager to exploit it. All those operating in dark net markets should take note: Working with our law enforcement partners, we will take down illicit forums and bring administrators to justice in U.S. courtrooms.”
Failed attempts to revive hacker forums
ExposeForums came into existence this year. Earlier, a user going by the alias Baphomet failed to revive the hacker forums for data leaks, and data sales. They presided over the BreachForums administrator seat for a little while and then gave up.
Telegram post by Baphomet
The Telegram post read, “I know that everyone wants the forum up, but there is no value in short-term gain for what will likely be a long-term loss by propping up Breached as it is.” They said that a Telegram group may be set up to continue the dark web trade.
The fate of ExposeForums after the RaidForums data leak
It is up to the legal officers to unearth what comes out of the RaidForums data leak.
Speaking of the possibilities, a Bleeping Computer report read, “While it’s likely that the database is already in the hands of law enforcement after the forum was seized, this data could still be useful for security researchers who commonly build profiles of threat actors.”
The Co-Founder & CTO at Hudson Rock, Alon Gal posted about the data found on the ExposeForums. He wrote that the registration IP and last IP of users were corrupted in the database. The reason for the same could not be confirmed whether it was intentionally done or otherwise.
However, he did comment on the usability of the RaidForums data leak for both good and bad causes by saying, “This is an absolute treasure for researchers and law enforcement but also for hackers and doxxers.”
In the short span of 10 days, the administrator of ExposeForums was said to have made some money selling awards and tiers.
Discussing the earnings of Impotent, the administrator, Alon stated that they made $4,500 trading with fellow forum members. Alon also made the following estimations –
- 80 GOD members – $50 each
- 8 MVP members – $25 each
- 25 VIP members – $10 each
Alon stated that nearly half the above amount was made by the administrator today post the RaidForums data leak. “I anticipate this forum will take the lead to become the “go-to” cybercrime forum, and I will update how much they earned in the next 7 days.”
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
