The notorious hacking forum Breached has shut down after its remaining administrator, Baphomet, revealed he believed law enforcement had access to the site’s servers.

Breached was a popular hacking and data leaking forum known for hosting, leaking, and selling data obtained from hacked companies, governments, and various organizations.

It was a community that attracted people from all areas of cybercrime, including ransomware gangs, data extortionists, security researchers, and those simply interested in the dark side of cybersecurity.

The site and its members have been responsible for a wide range of breaches, extortion attempts, and ransomware attacks, leaking data from many high-profile attacks. These breaches include DC Health Link, Twitter, Robinhood, Acer, Activision, and many more.

Breached was the spiritual successor to the RaidForums forum, which many of its users had frequented before the FBI seized it in April 2022, a few months after the arrest of its founder, “Omnipotent”, in the United Kingdom.

Breached forum shuts down

Hacking forum Breached has been in disarray since last Friday, when news broke that its founder and owner, Pompompurin, was arrested by the FBI.

Since the arrest, the remaining administrator, Baphomet, had taken the site offline while moving it to new infrastructure secured against potential compromise by law enforcement.

In a series of updates to their site, Baphomet said the process was slow as they tried to maintain operational security (opsec) to prevent their identities from being tracked by law enforcement.

The original plan was to migrate the site to new infrastructure that would be untraceable, allowing the community of hackers, security enthusiasts, and cybercriminals to continue using the platform.

However, that plan was canceled as Baphomet today shared a “final update” stating that they “confirmed glowies likely have access to Pom’s machine” – “glowies” meaning feds.

[Image: Baphomet’s full statement. Source: BleepingComputer]

When the infrastructure was taken offline, the administrator said he left an old CDN server online that was not hosting any important data.

“Throughout the migration, I checked to see if there was anything going on that might cause concern during the migration,” reads Baphomet’s post.

“One of the servers checked was the old CDN server described above. It looks like someone logged in on March 19 at 1:34 AM EST before I logged into the server.”

“Unfortunately, this probably leads to the conclusion that someone has access to Pom’s machine. All the servers we use are never shared with anyone else, so someone should know the credentials of this server to be able to connect.”

“I now feel like I’ve been placed in a position where nothing can be considered secure, be it our configurations, source code, or information about our users – the list is endless.”

Due to concerns that Pompompurin’s devices were now in the hands of law enforcement, which therefore had access to Breached’s infrastructure, Baphomet decided to shut down Breached for good and let members of the community choose their next destination.

The Telegram channel will remain for the time being, while Baphomet said he will continue to have an online presence, chat with other forum owners and potentially help build something new.

As hacking forums are seized by law enforcement, BleepingComputer has seen threat actors migrate to Telegram as new channels can easily be started when existing channels are shut down.

Telegram has become a hotbed of cybercrime activity, with threat actors amassing celebrity-like followings as they leak stolen data, sell stolen accounts and discuss their latest attacks.

