- Law enforcement seizes domains used by Scattered Lapsus$ Hunters
- Files from Salesloft/Salesforce breach were leaked
- The group stated “the era of forums is over”
The domains used by Scattered Lapsus$ Hunters to host data leak websites were reportedly seized by law enforcement just as the group was about to leak files stolen in the Salesloft/Salesforce breach. It didn’t stop the leaks, though.
The clearnet domain breachforums.hn was defaced, showing the usual FBI placeholder – “this domain has been seized”. This domain was previously used to reestablish BreachForums, an infamous underground website where cybercriminals exchanged knowledge, tools, and stolen goods, but after the forum was taken down by the FBI for the second time, it was propped back up by Scattered Lapsus$ Hunters, to be used as a data leak and extortion site.
Just days before the latest takedown, Scattered Lapsus$ Hunters announced they would start leaking the data stolen in the Salesloft/Salesforce breach, and even shared the exact moment when the files would go online. In an obvious attempt to thwart the leaks, the FBI, together with French authorities, took down not just breachforums.hn, but also the Tor site. However, this one was restored rather quickly, and files belonging to multiple companies were leaked.
Forums are dead
Among the victims were Qantas, Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea, and Adidas. Files belonging to more than 40 companies were leaked.
Unfortunately, no arrests were made, meaning Scattered Lapsus$ Hunters can just prop the forum back up and pick up where they left off. However, according to BleepingComputer, the group has no intention of resurrecting the famous forum, reportedly saying: “The era of forums is over”.
It seems Telegram groups will be taking over, serving as improvised forums with a little more resilience to them.
Another reason for the pivot away from forums, according to CyberInsider, is the fact that the FBI “destroyed” database backups dating back to 2023, along with all escrow databases.
The hackers also apparently said that all hacking forums that emerge after BreachForums should be considered honeypots propped up by cybersecurity researchers and law enforcement, and as such, should be avoided.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You might also like
- Salesforce platforms are being cracked open for data theft – FBI warns of UNC6040 and UNC6395 IOCs
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
