A database for notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers to gain insight into who frequented the forum.
RaidForums was a very popular and notorious hacking and data leak forum known for hosting, leaking and selling stolen data to hacked organizations.
Threat actors who frequented the forum could hack into websites or access exposed database servers to steal customer information. The threat actors then attempted to sell the data to other threat actors, who use it for their campaigns, such as phishing attacks, cryptocurrency scams, or malware distribution.
In many cases, if the data was not sold or a certain amount of time had passed, the stolen data would be leaked on RaidForums for free to gain reputation within the community.
In April 2022, the RaidForums website and infrastructure seized in an international law enforcement operation, with the site administrator, Omnipotent, and two arrested accomplices.
After Raidforums shut down, users flocked to a new forum called Breached to continue trading stolen databases. However, Violation of Judgment in March 2023 after its founder and owner, Pompompurin, was arrested by the FBIand the other site administrator was concerned that law enforcement would have access to their servers.
RaidForums database leaked online
Earlier this month, a forum called “Exposed” was launched, aiming to fill the void left by Breached’s closure, and it quickly became popular.
Today, one of the site’s administrators, “Impotent”, leaked RaidForums’ member database, exposing a wealth of information to other threat actors, researchers and, potentially, law enforcement.
BleepingComputer has seen the leaked data and consists of a single SQL file for the ‘mybb_users’ table used by RaidForums forum software to store registration information.
This table contains the registration information of 478,870 RaidForums members, including their usernames, email addresses, hashed passwords, dates of registration, and various other forum software information for
The leaked table contains membership information for users who signed up between March 20, 2015 and September 24, 2020, likely when the database was purged.
Impotent indicates that some members of RaidForums have been removed from the database and it is unknown when and why the dump was originally created.
BleepingComputer has confirmed that many account information in the database contains known registration information. Additionally, members of the Exposed forum have also confirmed that their information is in the MySQL table, indicating that the leaked table is legit.
While it’s likely that the database is already in the hands of law enforcement after the forum was seized, this data could still be useful to security researchers who typically profile threat actors.
Using the leaked registration information, researchers can learn more about threat actors and possibly link them to other malicious activity.