Critical Cybercrime Hub's Hacked Data Emerges for Sale on Underground Markets

Hacked data from critical cybercrime forums is being offered for sale, providing valuable insights into the conduct of threat actors.

 


The notorious 'Breached' cybercrime forum's database has been offered for sale and shared with Have I Been Pwned. This is the website that collects information on cybercrime victims. While consumers worry about data breaches, hackers are now likely to do the same. 

Have I Been Pwned, a data breach notification service, has recently released an update that allows visitors to check whether their personal information was exposed in a breach of Breached, a cybercrime forum dedicated to hacking and data leaks. There are several hacking companies and governments across the world that steal financial, legal, and corporate data. They have put it up for sale.

Breached was a large hacking and data leak forum known for hosting, leaking, and selling data stolen from hacked companies, government entities, and organizations worldwide. After Pompompurin, the site administrator, was arrested in March 2023, the remaining administrator, Baphomet, shut the forum down.

He also believed that law enforcement had access to the site's servers. After the Breached Forums clone was launched, Baphomet opened another data breach seller known as Shiny Hunters in collaboration with another Breached Forums clone. This clone is called BFv2.

 An Invaluable Source of Information 


A threat actor called "breached_db_person" is currently selling the Breached database. This threat actor told BleepingComputer they shared the database with Have I Been Pwned to prove its authenticity to potential buyers. BleepingComputer has also confirmed that the shared members table contains known Breached accounts.

Baphomet, a previous Breached administrator, also said the database was authentic, warning that it was part of the ongoing campaign to destroy the Breached community. According to the threat actor, they will sell the Breached database to only one person, for between $100,000 and $150,000. It contains a snapshot of the entire database taken on November 29th, 2022. This indicates that the database has already been compromised.

The database is over 2 GB in size and includes all tables that are needed, including the ones that deal with private messaging, payment process transactions, and the membership database, according to BleepingComputer. There is plenty of schadenfreude to be had at the moment. However, you still would not pay someone to steal from you despite the obvious opportunity. 

There are still several valuable data sets that are potentially of use to cybersecurity researchers and other threat actors. This is even though the FBI has already stated that they gained access to the breached database after seizing servers. 

There is incriminating information about forum members in the private message tables of the website owned by breached_db_person, the seller. Furthermore, the 'members' table contains a list of IP addresses showing that the majority of threat actors used residential IP addresses rather than adhering to effective operational security.

Private messages are a useful tool as they contain messages that have been sent privately between members of the forum and that are intended for their eyes only. Information about previous attacks, the identity of the attacker, and other helpful information can be revealed in such a way. 

Samples of the payment table were also shared with BleepingComputer. They contain information on the payments made by members for rank upgrades (an additional level of membership that offers enhanced benefits) and credits (a currency used on the forum).

These payments were processed through Coinbase Commerce or Sellix. A Coinbase transaction includes links to an order confirmation that contains sensitive information, like cryptocurrency addresses and Coinbase payment IDs.

Blockchain analytics companies can use this cryptocurrency data to link criminal activity to cryptocurrency addresses. This can be useful to companies that track cryptocurrency data and analyze threat actors. 

Breached and its members have been behind hacks, extortion attempts, ransomware attacks, and other breaches affecting many companies. The companies that have suffered security breaches include DC Health Link, Twitter, Robinhood, Acer, and Activision, among others.

Thus, it is conceivable that researchers could benefit greatly from the private messages. The seller stated that several cybersecurity firms had already contacted them to ask for a copy of the data to conduct their own research on it.

In addition, the seller reports that there has been interest from other threat actors, including an offer of $250,000. It is too early to tell whether the database will eventually be sold, but it would not be surprising if it is, and in that case the entire database could be leaked for free at some stage in the future.

Data breaches are often purchased privately and then released later to build a reputation in the data theft community. There have been numerous recent data breaches in the industry, including the seized RaidForums forum, which has also had its database compromised, and the newly launched BreachedForums clone (BFv2), which has also had its database compromised.