Do Hacker Forums Ever Delete the Account Data of Their Users?

By Bill Toulas / March 4, 2021

"Clearnet" sites have privacy policies that declare data retention periods and what happens when a user chooses to delete their accounts. Moreover, all sites are required to comply with “right to be forgotten” regulations like GDPR, so anyone can ask a platform to wipe all their data on exit, at least after an agreeable period of time.

What happens with cybercrime forums, though, and the data of those who want to escape the field and erase their criminal past? According to a Digital Shadows report, things are a lot more complicated in this unregulated space, and very often, account data is retained indefinitely. In some cases, like the RaidForums, for example, this fact is given in the most straight-forward wording possible.

Source: Digital Shadows

Considering the law enforcement risks that could arise from the arrest of a forum’s operator and the subsequent server seizure followed by the analysis of stored data, one has to wonder why these platforms choose to keep that data forever in the first place. One possible explanation is that they simply don’t bother to delete anything as they have nothing to gain from the manual labor involved. Users being exposed if the police knocks at their door is the least of the operators' concerns.

Moreover, there are some technical aspects to consider to all this. Disabling an account and keeping it on the server seems to be an easy solution for quick reactivation if the user returns to the platform. And finally, this system prevents the abuse of well-known monikers as scammers cannot register with the same name and engage in activities that could harm the platform's reputation. So, all in all, for the operators of the forums, this practice has only advantages and virtually no drawbacks.

Obviously, the law enforcement authorities and the infosec community investigators are delighted with this system, too, as they can trace back past activities and link usernames to identifiers. All that is needed is a single mistake made by the hacker at any point in time, and they will be connected to their entire darknet presence no matter how careful they may have been otherwise.

So, if you’re thinking about entering the unholy space of cybercrime believing that the prudence of using anonymous email accounts and non-leaking VPNs will keep you safe, you may want to think twice. Years after you typed your last word on a cybercrime forum, you may find your past catching up with you, and you’ll likely have a lot more to lose by then.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: