A recent RaidForums data breach exposed members’ data

June 2, 2023

In a recent development, the notorious RaidForums hacking community has suffered a significant data breach, resulting in the leaked database becoming available online.

This breach has not only provided security researchers with an opportunity to analyse the underground community but has also granted threat actors unrestricted access to the personal information of those who frequented the forum.

RaidForums, notorious as a hub for hackers and for facilitating data breaches, was a centre where stolen data from compromised organisations was shared, sold, and leaked. The ecosystem thrived by targeting websites and unprotected database servers to steal information, which was then sold to other malicious actors for further abuse.

In a turn of events, RaidForums was disrupted by international law enforcement agencies in April 2022. This operation resulted in the arrest of the site’s administrator, Omnipotent, and two collaborators.

The forum’s users sought refuge in a newly emerged platform called “Breached,” where the illicit trade of stolen databases continued. However, Breached’s operations ended in March 2023 when the FBI apprehended the forum’s founder and owner, Pompompurin.

 

A forum admin exposed databases from RaidForums, resulting in a massive data breach.

 

‘Exposed,’ a new forum launched in May 2023 to replace the now-defunct Breached, swiftly gained popularity. But recently, one of its administrators, ‘Impotent,’ leaked the RaidForums member database, exposing a trove of databases to the public.

Thorough analysis shows that the leaked data comprises a single SQL file containing the ‘mybb_users’ table, which RaidForums’ forum software utilised to store registration details.

Within this table, the data of 478,870 RaidForums members have been exposed, including their usernames, email addresses, hashed passwords, and registration dates, among others.

The leaked table specifically covers members who registered between March 20th, 2015, and September 24th, 2020, implying that this data dump likely occurred during that period.

Impotent has revealed to security researchers that the RaidForums data breach was initially intended to remain private, but they decided to leak it to the public. Despite knowing the origin of the data, the admin has made a firm commitment not to divulge any specifics about the source.

Notably, Impotent has shared that the leaked member database table retains 99% of the original entries, with a few deliberately removed to avoid creating unnecessary controversy.

Although law enforcement may have already obtained the RaidForums database following the forum’s seizure, the leaked data still holds value for security researchers. Researchers often compile profiles of threat actors, and the leaked registration information can provide valuable insights into their identities.

By analysing this data, researchers can gain a deeper understanding of the threat actors and potentially establish connections to other malicious activities, contributing to the ongoing efforts to combat cybercrime.
