RaidForums Members Suffer the Same Fate as Their Victims

  • RaidForums was a popular darknet site that hosted the trade of vast volumes of stolen data until it was disrupted and seized in Operation Tourniquet in April 2022.
  • Impotent, the admin of a new hacking forum, Exposed, recently leaked the data of 478,870 RaidForums darknet marketplace members.

In an ironic twist of tale, the details of the members of the darknet marketplace, RaidForums, who frequently leaked hacked user data, were recently leaked on Exposed, a hacking forum launched earlier this month, BleepingComputer confirmed.

RaidForums was a popular darknet site that hosted the trade of vast volumes of stolen data until it was disrupted and seized in Operation Tourniquet in April 2022. As per reports, RaidForums was the medium through which hackers sold approximately 10 billion personal data records of U.S-based and international individuals.

RaidForums was popular mainly among low to mid-level cybercriminals. Its founder, 21-year-old Diego Santos Coelho from Portugal, a.k.a, Omnipotent, was also arrested in the U.K. on January 31 this year before the site’s seizure. At the time of the RaidForums takedown, it had over half a millionOpens a new window registered members, according to Europol, less than half of whom were active users.

Meanwhile, Exposed emerged in May 2023 with one of the admins, Impotent (a possible dig at Omnipotent?), leaking the data of 478,870 RaidForums members registered between March 20th, 2015, and September 24th, 2020. The leaked data includes member usernames, email addresses, hashed passwords, registration dates, and “a variety of other information related to the forum software,” BleepingComputer noted.

It is unclear why Impotent leaked RaidForums member data, given that Exposed emerged as an aesthetic and operational successor to the now defunct BreachedForums, which in turn emerged right after the RaidForums seizure. Immediately after RaidForums’ takedown, members started migrating to BreachedForums.

See More: Chinese Govt Had Access to TikTok Data: Ex-ByteDance Exec

However, BreachedForums was shut down after its founder Pompompurin was arrested in March 2023. The last admin of BreachedForums, Baphomet, posted, “I now feel like I’m put into a position where nothing can be assumed safe, whether it’s our configs, source code, or information about our users — the list is endless.”

It is possible that Impotent is simply trying to throw law enforcement off their scent by leaking the RaidForums member database. Impotent said they removed the details of some RaidForums members from the database before they leaked it.

The Exposed hacking forum looks similar to BreachedForums, while its trackers and unique IDs were identical to other forums such as PwnedForums (now closed) and CrackersBay, Cyberint found. The company also noted that Exposed has amassed over 2,000 members in less than a month since commencing operations.

“While some have already joined the forum, others claim this is another scam by the authorities to mark new targets,” Cyberint noted.

What approach can law enforcement and researchers use to zero in on cybercriminals? Share your thoughts with us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!

Image source: Shutterstock