Notorious Hackers Return as BreachForums Reboots Under New Domain
June 6, 2025 — Cybersecurity experts are sounding the alarm as BreachForums, one of the internet’s most infamous hacker marketplaces, has returned under a new domain — marking a bold resurgence just over a year after its takedown by international law enforcement.
The revived platform, now operating under a different URL reportedly hosted on a bulletproof offshore service, appears to have restored much of its original functionality. Early reports indicate that well-known cybercriminals and data brokers are rejoining the forum, once again offering stolen databases, malware kits, zero-day exploits, and hacking services to a growing number of users.
A Shadow Reborn
Breach Forums originally rose to prominence as a successor to raid forums which was dismantled in 2022. It quickly became a hub for illicit data exchanges and discussions, attracting thousands of users before being shut down in early 2024 following a coordinated global law enforcement operation. At the time, its alleged administrator “Pompompurin” was arrested, and authorities seized the site’s infrastructure.
Despite the disruption, cybercrime researchers predicted a likely return — and it appears those warnings were justified.
“The re-emergence of BreachForums is not surprising,” said Alex Hayworth, a senior threat analyst at RedTorch Cybersecurity. “When a marketplace with this kind of reputation and user base is taken down, there’s always someone willing to revive it for profit or notoriety.”
Same Name, Same Game
The new iteration of BreachForums features a near-identical layout and structure to its predecessor, raising questions about whether former admins are involved or if a new group has taken the reins using leaked backend code. Early activity on the forum suggests it is already hosting new stolen datasets, including login credentials, medical records, and financial information — some allegedly sourced from recent corporate breaches.
In underground forums and on Telegram, chatter around the reboot has intensified. Several high-profile threat actors have endorsed the new domain, further legitimizing the platform among cybercriminal circles.
Law Enforcement Response
U.S. and European authorities have not yet officially commented on the reboot, though cybersecurity firms tracking the forum’s activity believe that law enforcement is already working behind the scenes to identify servers and potential administrators.
“This is a game of whack-a-mole,” said Claire DeMarco, a cybercrime researcher with NetSentinel. “As long as there’s a market for stolen data, forums like BreachForums will continue to find a way back online. What we’re seeing is a shift in how resilient and adaptive these networks have become.”
Implications for Businesses and Individuals
The return of BreachForums poses renewed threats for businesses and individuals alike. Data sold or leaked through these platforms is often used in credential stuffing attacks, identity theft, phishing schemes, and corporate espionage.
Experts recommend that companies monitor threat intelligence feeds, enforce strict password hygiene policies, and implement multi-factor authentication across all services. Individuals are also urged to change reused passwords and remain vigilant against suspicious communications.
A Cat-and-Mouse Future
As cybersecurity teams and law enforcement agencies race to contain the renewed threat, BreachForums’ comeback serves as a stark reminder of the challenges in permanently dismantling criminal networks operating in the shadows of the internet.
“This isn’t the end — it’s just the next chapter,” Hayworth added. “The question isn’t whether these forums will return, but how quickly — and how much damage they can do before they’re shut down again.”
