Cyber Security Threat Summary:
“A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into the people who frequented the forum. RaidForums was a very popular and notorious hacking and data leak forum known for hosting, leaking, and selling data stolen from breached organizations. Threat actors who frequented the forum would hack into websites or access exposed database servers to steal customer information. The threat actors then attempted to sell the data to other threat actors, who use it for their campaigns, such as phishing attacks, cryptocurrency scams, or distributing malware. In many cases, if data was not sold or some time had passed, the stolen data would be leaked for free on RaidForums to gain a reputation among the community. In April 2022, the RaidForums website and infrastructure were seized in an international law enforcement operation, with the site's administrator, Omnipotent, and two accomplices arrested. After Raidforums closed, users flocked to a new forum called Breached to continue trading stolen databases. However, Breached shut down in March 2023 after its founder and owner, Pompompurin, was arrested by the FBI, and the site's other admin became concerned that law enforcement had access to their servers” (Bleeping Computer, 2023).

Security Officer Comments:
RaidForums’s database was leaked by one of the site admins (aka ‘Impotent’) of ‘Exposed’, another forum that was launched earlier this month following the shutdown of breached forums. Taking a look at the post made by Impotent on Exposed forums, a SQL file for the ‘mybb_users’ table used by RaidForums' forum software to store registration information was leaked. The table contains registration information for 478,870 RaidForums members, such as usernames, email addresses, hashed passwords, registration dates, etc.

“While it's likely that the database is already in the hands of law enforcement after the forum was seized, this data could still be useful for security researchers who commonly build profiles of threat actors. Using the leaked registration information, researchers can learn more about the threat actors and potentially link them to other malicious activities” (Bleeping Computer, 2023).

Link(s):
https://www.bleepingcomputer.com/