A threat actor known by their alias ‘emo’ has posted the entire BreachForums v1 database, generated through late 2022, on Telegram, reportedly with the aim of allowing users to fix the holes in their OPSEC (operational security).
As reported by BleepingComputer, emo started leaking the data this past weekend, beginning with member information (member names, email addresses, and IP addresses) after they were banned from the current version of the forum.
After that, they exposed the rest, which includes a “tremendous amount” of additional data.
Sold by Pompompurin
"Find enclosed the full BreachForum v1 database, every record up to November 29th, 2022," Emo posted to Telegram.
"This database includes everything, Private Messages, Threads, Payment logs, detailed IP logs for each user, etc. I originally only leaked the user table to discourage it from being sold behind the scenes by BreachForum staff, however it's become apparent that so many people have the database now that it being leaked is an inevitability."
"This will give everyone a chance to review their records and fix holes in their OPSEC."
The archive also appears to contain members’ hashed passwords, private messages, cryptocurrency wallets used to buy forum credits, and every post ever made on the site. Cybersecurity researchers can use the messages to get a better understanding of how threat actors operate and compromise networks, while the cryptocurrency wallet data can be used to connect specific ransomware payments to individual criminals.
Apparently, the database was originally sold in July 2024 by the forum’s founder, Conor Fitzpatrick, AKA Pompompurin.
In early January 2024, Fitzpatrick was sentenced to 20 years of supervised release for operating the forum. He will serve the first two years of his sentence under home arrest, with a GPS locator. He will also undergo mental health treatment. Furthermore, he is banned from the internet for a year, and will have monitoring software installed on his devices.