In a swift move, law enforcement has snatched the domains used by the notorious hacking group, ShinyHunters, just as they were about to leak sensitive data stolen from Salesforce. The group had been using these domains to host their data leak websites, but the FBI and French authorities weren’t having it.
The clearnet domain, breachforums.hn, was the first to fall. It was defaced with the classic FBI seizure notice, “this domain has been seized”. This domain had previously served as the home for BreachForums, an underground hub where cybercriminals traded secrets, tools, and stolen goods. After the FBI shut it down twice, ShinyHunters tried to revive it as a data leak and extortion site. But not this time!
Just days before the takedown, ShinyHunters had announced they’d start leaking the Salesforce data, even giving a specific time for the files to go online. But the FBI had other plans. Alongside the French authorities, they took down not only breachforums.hn but also the group’s Tor site. However, the Tor site was back up in no time, and files from over 40 companies, including Qantas, Gap, and Disney, were leaked.
Despite the setback, ShinyHunters haven’t been arrested, so they could still resurrect their forum. But it seems they’re moving on. In a surprising turn, they’ve declared, “The era of forums is over.” Instead, they’re turning to Telegram groups for their shady dealings.
Why the change? Some say it’s because the FBI “destroyed” their database backups. Others suggest it’s because they think any new hacking forums are just “honeypots” set up by cybersecurity researchers and law enforcement.
So, while the FBI’s move was a win, the fight against cybercrime is far from over. Stay tuned for more updates!