A database containing the details of nearly half a million RaidForums users has been leaked online, a year after the US Justice Department seized the infamous cybercrime forum.
The leaked database was posted on Exposed, described by security researchers as an emerging forum that aims to “fill the void” left by the recent closure of BreachForums. An Exposed admin known as “Impotent” posted the alleged RaidForums user data, which includes the details of 478,000 users, including their usernames, email addresses, hashed passwords, and registration dates.
“All users who were on raid forums may have been infected,” the admin’s post says. RaidForums had about 550,000 users last year when it shut down.
The admin added that some users’ data has been removed from the leak, though it’s unclear how much or the reasoning behind this.
The exposed data is likely already in the hands of law enforcement following the US authorities’ seizure of RaidForums, but could help security researchers investigate the forum’s historical activity.
Launched in 2015, RaidForums became one of the world’s largest hacking forums. It was used by cybercriminals to buy and sell mostly stolen databases. That included over a million passwords for cryptocurrency wallet service Gatehuband millions stolen from T-Mobile customer accounts. So is the hacking group Lapsus$ reportedly used the hack forum.
The US Department of Justice announced that it had seized the RaidForums website and infrastructure in April 2022 as part of an international law enforcement operation. The RaidForums administrator known as “Almighty” and two of his accomplices were also arrested. Prior to the forum’s seizure, hundreds of databases of stolen data containing more than 10 billion unique records belonging to individuals had been put up for sale, prosecutors said.
US law enforcement agencies also recently announced they had arrested a man allegedly “Pompompurin”, the administrator of the infamous BreachForums, who arrived after the demise of RaidForums and served the same purpose and audience.
Days after the arrest, the new administrator of the cybercrime website announced that they were closing the forum for good.