A database containing the details of almost half a million RaidForums users has leaked online, a year after the U.S. Department of Justice seized the notorious cybercrime forum.
The leaked database was posted on Exposed, described by security researchers as an up-and-coming forum “wanting to fill the void” left by the recent BreachForums shutdown. An Exposed admin, known as “Impotent,” posted the alleged RaidForums user data, which covers 478,000 users and includes their usernames, email addresses, hashed passwords and registration dates.
“All of the users that were on raidforums may have been infected,” the admin’s post says. RaidForums had around 550,000 users at the time of its shutdown last year.
The admin added that some users’ details have been removed from the leak, though it’s unclear how many or the reasoning behind this.
The exposed data is likely already in the hands of law enforcement following RaidForums’ seizure by U.S. authorities, but may help security researchers investigating the forum’s historic activity.
RaidForums, which launched in 2015, became one of the world’s largest hacking forums. Cybercriminals used it primarily to buy and sell stolen databases. That included over a million passwords for cryptocurrency wallet service GateHub, and millions of stolen T-Mobile customer accounts. The Lapsus$ hacking group also reportedly used the hacking forum.
The U.S. Department of Justice announced that it had seized RaidForums’ website and infrastructure in April 2022 as part of an international law enforcement operation. RaidForums’ administrator, known as “Omnipotent,” and two of his accomplices were also arrested. Before the forum’s seizure, hundreds of databases of stolen data containing more than 10 billion unique records for individuals had been offered for sale, prosecutors said.
U.S. law enforcement agencies also recently announced that they had arrested a man alleged to be “Pompompurin,” the administrator of the infamous BreachForums, which arrived following RaidForums’ demise and served the same purpose and audience.
Days after the arrest, the cybercrime website’s new administrator announced that they were shutting down the forum for good.
Last month, the Dutch National Police sent thousands of emails, mailed hundreds of letters and even made phone calls to former RaidForums members to warn them they were under surveillance, urging them to delete any stolen or traded data in their possession. Officers obtained the users’ identities by analyzing a RaidForums database like the one leaked on Monday, which reportedly included the IP addresses used to register and log in.