Raidforums member data leaked on new ‘Exposed’ hacking forum

/in


A recently launched hacking site has published the member database of RaidForums, a notorious hacking forum taken offline in 2022.

Founded in 2015, RaidForums operated on the regular internet and was a popular hacking and data leak forum. Although it offered various illegal services, it was best known for trading stolen credentials.

The site was taken down in 2022 following an international law enforcement investigation and its founder, Diogo Santos Coelho of Portugal, was arrested. RaidForums was quickly replaced by a nearly identical site called BreachForums, but that site was taken down after its founder Conor Brian Fitzpatrick was arrested in March.

It’s often said that law enforcement operations targeting illicit sites are like a game of “Whac-A-Mole”: Every time one site is taken down, another appears. The story of RaidForums and its successors are the same. The new player in town, complete with the same design and similar illegal services, goes by the name “Exposed,” and it’s on this forum that the RaidForums data has been leaked.

A user on Exposed, going by the name of “Impotent” and claiming to be both the owner and administrator of the site (pictured), has leaked 374.7 megabytes of RaidForums data. Bleeping Computer reported today that the data consists of a single SQL file that contains the registration information of 478,870 RaidForums members, including their usernames, email addresses, hashed passwords, registration dates and a variety of other information.

How the data was obtained was not shared. Impotent told Bleeping Computer that it knows where the data came from but has promised not to disclose any details about the source. Impotent added that the member database table contains 99% of the original lines, with some removed to “cause no drama.”

“There’s no telling how this data was gathered, whether it was a new breach or just reusing data from another older breach, but it continues a well-worn pattern of malicious websites leaking customer data,” Roger Grimes, data-driven defense evangelist at security awareness training company KnowBe4 Inc., told SiliconANGLE. “It turns out that most malicious websites are no better…

Source…