RaidForums leak: Details of nearly half-a-million hackers posted online
RaidForums admin and two of his collaborators were arrested last year as part of Operation TOURNIQUET
A database containing personal information of around 478,000 users of black hat hacking forum RaidForums has leaked online, nearly a year after the US Department of Justice announced the shutdown of the infamous site.
The database, containing a substantial amount of personally identifiable information, has been shared on 'Exposed' - a newly established hacking forum that has stepped in to fill the void left by the closure of BreachForums.
The database leaked on Exposed was posted by 'Impotent' - one of the site's admins - revealing a vast amount of information to various parties, including other threat actors, researchers and potentially law enforcement agencies.
"All of the users that were on raidforums may have been infected," the admin's post says.
At the time of its closure last year, RaidForums boasted approximately 550,000 users.
Impotent mentioned on the forum that certain details belonging to RaidForums members have been deliberately excluded from the leaked database.
As reported by BleepingComputer, the leaked database comprises a single SQL file containing the "mybb_users" table used by RaidForums' software to store registration details.
This table contains the details of 478,870 members who registered on RaidForums during the period between 20 March 2015 and 24 September 2020. The details exposed include members' usernames, email addresses, hashed passwords and various other data.
Some members of the Exposed forum acknowledged finding their own information within the dataset, suggesting that the leaked table is legitimate.
Impotent said their original intention was not to make the RaidForums data dump publicly available. However, a decision was eventually made to leak the data.
Raidforums[.]com, which was launched in 2015, achieved notoriety as a platform that facilitated discussions revolving around hacking techniques, stolen data and various cybercriminal activities. It functioned as a central hub for hackers, cybercriminals, and individuals engaged in illicit online endeavours.
The marketplace offered access to more than 10 billion units of customer information, stolen in some of the world's largest data breaches. The information included usernames and passwords, as well as details for millions of credit cards, bank accounts and routing information.
In June 2021, data harvested from 700 million LinkedIn members was offered for sale on the forum, which unusually operated on the open internet rather than the dark web.
In April of last year, the US Department of Justice made an announcement regarding the shutdown of RaidForums as part of a significant cross-border law enforcement operation. The operation resulted in the seizure of RaidForums' infrastructure.
The RaidForums admin and two of his collaborators were arrested as part of Operation TOURNIQUET, which Europol managed in support of independent investigations in the USA, UK, Romania, Sweden and Portugal.
A man called Diego Santos Coelho, the creator and chief admin of RaidForums, was detained in the UK on 31st January 2022.
The UK National Crime Agency (NCA) said another alleged site founder - a 21-year-old Croydon man - was arrested at his home in March 2022.
Following the closure of RaidForums, a considerable number of users migrated to a different forum called BreachForums. This new platform served as a gathering place for individuals involved in the trade of stolen databases, allowing them to continue their activities.
In a significant development, BreachForums faced its own demise in March 2023 when the founder, known as Pompompurin, was arrested by the FBI.
Following Pompompurin's arrest, the new admin of the cybercrime website announced the permanent closure of the forum.