After ‘Patched Vulnerability’ in MyBB, BreachForums is Reportedly Back

• BreachForums is reportedly back online under original admins, with all user data preserved
• They attribute the April outage to a patched MyBB software vulnerability 
• The new admin ‘NA' has denied that all arrests and claims that IntelBroker was only a decoy identity

The BreachForums site, which was shut down by U.S. law enforcement in March, is reportedly back online. It is reopened under its original administration, with all historical user data intact, as claimed in a post shared on the forum.

“As far as we're concerned, it's business as usual,” read the BreachForums' new announcement. 

The administrator “NA” made the following claims in a July 25 post:

• Their administrators were not arrested, and those named by law enforcement were not part of their group
• IntelBroker, the previously public face of the forum, was never its owner. And the name was part of a plan to mislead law enforcement and deflect attribution
• The forum was closed in April due to a zero-day vulnerability in MyBB, which is now patched
• The domain breachforums.st was suspended by the registrar NIC[.]ST after it received multiple abuse complaints where unlawful activity is/was taking place
• The infrastructure, code, and user data were never compromised
• They will now post regular updates and remain transparent

What is MyBB 

MyBB (MyBulletinBoard) is a free, open-source forum software. It is written in PHP and is used in underground and legitimate online communities alike. The vulnerability exploited here was reportedly a zero-day, allowing for remote code execution.

BreachForums Takedown

The takedown occurred when the FBI seized the forum’s clearnet domain and Telegram channels last year in May 2024. ShinyHunters later claimed to have re-acquired the seized domain from the registrar. 

A domain registrar (like NIC[.]ST) can block a domain from resolving if it is linked to criminal activity. In this case, NIC.ST suspended breachforums[.]st.

This April, an admin ‘Normal’ also claimed that BreachForums was voluntarily suspended due to a zero-day vulnerability in the MyBB. It was claimed to be patched. 

What This Could Mean

These developments lead to questions about how the platform was revived. And also, how law enforcement could use the archived backend data to trace operations, even though admins claim no data loss occurred.

The reported re-opening of the forums, complete with the historical archive of user accounts, posts, and private messages, poses a threat to ongoing investigations and increases the difficulty of distinguishing between genuine criminal activity and planted intelligence collection efforts.

The rapid return and continuity of user accounts, moderation, and reputations suggest a shadow backup infrastructure or internal resilience within the forum’s vendor network. 

It cannot be totally denied that the dark web is trying to fetch data from law enforcement by placing snares and using cloned services, and rebranded forums to bait investigators into making contact.

The incident also raises questions of an insider threat, possibly a disgruntled user spreading rumors, or a skilled attacker misusing previously gained access.

Earlier this year, a member named ‘krekti’ claimed to hijack Breached[.]fi and leak user data. The domain, once linked to BreachForums, had been shut down.