ShinyHunters Reveals That BreachForums Has Been Seized by Law Enforcement and Transformed into a Honeypot
The threat actor collective ShinyHunters has revealed that BreachForums, a notorious hub for stolen credentials and leaked data, has been seized by international law enforcement agencies. According to Shiny from ShinyHunters, the site’s administrative controls, including the accounts “Hollow,” “ShinyHunters,” and the original “Founder,” are now under the supervision of French authorities in collaboration with the FBI. Initial reports indicate that users attempting to log in to the forum are unknowingly submitting their credentials and device fingerprints into a sophisticated honeypot designed to trace and identify criminal actors. Following this announcement, BreachForums was taken offline, marking a significant shift in the landscape of cybercrime forums.
BreachForums emerged as a successor to several defunct leak-sharing platforms, quickly attracting cybercriminals with its encrypted messaging system and built-in scraping tools for harvesting breached databases. Its primary attack vectors included SQL injection exploits against poorly secured partner sites and a proprietary botnet for distributing phishing kits. Hackmanac analysts had identified anomalous traffic patterns and injection payloads embedded in login redirects as early as July 2025, suggesting that modifications were being made to convert the forum into a trap for its user base. The impact on the underground economy is profound, as data sellers and leakers now hesitate to share or purchase sensitive information due to fears of exposure. Victims of credential stuffing campaigns may experience an increase in targeted enforcement operations, as honeypot captures provide actionable intelligence on device fingerprints, IP geolocation, and intrusion tools.
Categories: Cybercrime Disruption, Law Enforcement Operations, Data Security Threats
Tags: ShinyHunters, BreachForums, Law Enforcement, Honeypot, Cybercrime, Credentials, SQL Injection, Phishing Kits, Underground Economy, JavaScript