FBI Seizes BreachForums as ShinyHunters Retaliate With Salesforce Extortion Threats
Published
- Domain seizure: The clearnet domain of BreachForums has been seized by the FBI in conjunction with international law enforcement partners.
- Data compromised: Administrators ShinyHunters confirmed all database backups since 2023, including escrow records, were compromised during the seizure.
- Salesforce threat: Yet, threat actors claim the planned extortion campaign and leak of Salesforce data will proceed, teasing a release on October 10, 2025.
The clearnet domain of BreachForums has been seized. The admin team, operating under the name ShinyHunters, confirmed the seizure through a signed message, acknowledging the takedown and the compromise of their backend servers.
Reports say the operation was conducted by the Federal Bureau of Investigation (FBI) and its international law enforcement partners, effectively disrupting one of the most prominent platforms for trading stolen data and facilitating cyber extortion.
ShinyHunters' Response and Operational Security Warnings
Following the seizure, ShinyHunters stated that all database backups dating back to 2023 were seized, a significant blow that exposes user and operational data.
Despite this setback, the group asserted that the takedown would not impact its ongoing extortion campaign against Salesforce.
In a candid admission, the administrators declared that the "era of forums is over" and warned former members to tighten their operational security (OPSEC), anticipating follow-up law enforcement actions.
Implications and the Threatened Salesforce Data Leak
The seizure of BreachForums marks a critical disruption for threat actors like ShinyHunters and Scattered Spider, who have historically used the platform for leaks and extortion.
However, the threat of a major Salesforce data leak remains. The ShinyHunters group has publicly announced its intention to release the data at 11:59 PM New York time on October 10, 2025.
This development signals that while the forum's infrastructure has been dismantled, the actors behind it remain active, highlighting the persistent challenges in combating organized cybercrime. The incident is a major event in ongoing FBI cybercrime operations.
Crimson Collective declared October 5, 2025, as a “National Cybercrime Day” in connection with a BreachForums post under the Scattered LAPSUS$ Hunters alias that claimed a massive data breach at Red Hat.
In June, the U.S. indicted British cyber kingpin IntelBroker and arrested four other French hackers, who operated under the pseudonyms ShinyHunters, Hollow, Noct, and Depressed.
In mid-August, ShinyHunters claimed that law enforcement took control of key BreachForums admin accounts, such as Hollow, ShinyHunters, and Founder, and the forum’s source code was modified to log all user actions.
In September, a U.S. court resentenced BreachForums founder Conor Brian Fitzpatrick to three years behind bars.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular