New hacking forum leaks data of 478,000 RaidForums members

Update added on 5/30/23 at end of article.

A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into the people who frequented the forum.

RaidForums was a very popular and notorious hacking and data leak forum known for hosting, leaking, and selling data stolen from breached organizations.

Threat actors who frequented the forum would hack into websites or access exposed database servers to steal customer information. The threat actors then attempted to sell the data to other threat actors, who use it for their campaigns, such as phishing attacks, cryptocurrency scams, or distributing malware.

In many cases, if data was not sold or some time had passed, the stolen data would be leaked for free on RaidForums to gain a reputation among the community.

In April 2022, the RaidForums website and infrastructure were seized in an international law enforcement operation, with the site's administrator, Omnipotent, and two accomplices arrested.

After Raidforums closed, users flocked to a new forum called Breached to continue trading stolen databases. However, Breached shut down in March 2023 after its founder and owner, Pompompurin, was arrested by the FBI, and the site's other admin became concerned that law enforcement had access to their servers.

RaidForums database leaked online

Earlier this month, a forum called 'Exposed' was launched, aiming to fill the void left behind by the closure of Breached, and it has quickly become popular.

Today, one of the site's admins, 'Impotent,' leaked the RaidForums member database, exposing a wealth of information to other threat actors, researchers, and, potentially, law enforcement.

BleepingComputer has seen the leaked data, and it consists of a single SQL file for the 'mybb_users' table used by RaidForums' forum software to store registration information.

This table contains the registration information for 478,870 RaidForums members, including their usernames, email addresses, hashed passwords, registration dates, and a variety of other information related to the forum software.

The leaked table contains member information for users who registered between March 20th, 2015, and September 24th, 2020, likely when the database was dumped.

Impotent says that some RaidForums members have been removed from the database and that it is unknown when and why the dump was originally created.

BleepingComputer has confirmed that the information for numerous accounts in the database contain known registration information. Additionally, members of the Exposed forum have also confirmed that their information is in the MySQL table, indicating that the leaked table is legitimate.

While it's likely that the database is already in the hands of law enforcement after the forum was seized, this data could still be useful for security researchers who commonly build profiles of threat actors.

Using the leaked registration information, researchers can learn more about the threat actors and potentially link them to other malicious activities.

Update 5/30/23: Exposed's admin, Impotent, told BleepingComputer that the RaidForums data dump was originally not meant to be public, but they decided to leak it yesterday.

However, while the admin states they know where the data came from, they promised not to disclose any details about the source.

Impotent says the member database table still contains 99% of the original lines, with some removed to "cause no drama."