Notorious online data leak market BreachForums taken down by whitehat heroes

News
By published

BreachForums is no more

Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
(Image credit: Shutterstock)
  • BreachForums taken offline after CCITIC abuse reports
  • Admin announces departure, seeking new leadership
  • Forum trust eroded after 324,000-user database leak in January 2026

BreachForums, one of the most popular underground forums for sharing malware, stolen data, and more - was taken down. Now, the admin seems to be giving up and looking for someone to pass the torch to.

Over the weekend, the Cyber Counter-Intelligence Threat Investigation Consortium (CCITIC) posted on LinkedIn, saying that both the clearnet and Tor versions of BreachForums were displaying a 502 - Bad Gateway error.

CCITIC is a non-profit which investigates cybersecurity threats and assists law enforcement in takedown efforts, and the organization said it managed to identify the upstream servers behind BreachForums, all hosted on DigitalOcean (ASN 14061) in the Frankfurt am Main datacenter. After filing abuse reports all three servers were taken offline.

Article continues below

Admin steps down

This is hardly BreachForums’ first rodeo. It was seized twice by law enforcement - once in June 2023, and then again in May 2024. Every time it managed to bounce back, and it is likely to happen again. However, it might be under new management.

Following the shutdown and the defacement, the forum’s admin posted a message on the homepage, saying they were quitting and looking for someone else to take over.

“It is time for me to say goodbye — though not entirely,” the post reads. “At this moment, however, I must take a step back. Despite this, I will continue to support BreachForums in any way I can whenever possible. For this reason, we are now seeking a responsible individual or group willing to take over the leadership and ongoing support of the forum.”

CCITIC suggests the forum might never recover, though, as things have changed. “In January 2026, its own database of ~324,000 users was leaked,” the organization said. “The ecosystem is fracturing, and trust among threat actors is collapsing.”

“You don't need to be the FBI to take action. Rigorous OSINT work, backend server identification, a well-documented abuse report sent to the right hosting provider — and a cybercriminal forum goes down.”

Via Cybernews

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.