A leak by a hacking forum admin has exposed the data of 478,000 members of RaidForums – a platform that sold payment card details and databases of login credentials, such as usernames and associated passwords for enterprises, among other black market activity.
RaidForums was shut down in April 2022 following combined US Police and Europol action. Forums “Breach” (which was in turn shut down in March 2023) and “Exposed” have followed since then.
This set of RaidForums user data was leaked by an Exposed forum admin as a single SQL file. The file, as seen by Bleeping Computer, contains the registration information for 478,870 RaidForums members, including their usernames, email addresses, hashed passwords, registration dates from between 2015 and 2020.
Before being shut, RaidForums platformed the sale of over 10 billion unique records. It operated as a middleman, allowing users to buy and sell data gained during security breaches and activities.
In its early days the forum was a hub for organizing various kinds of electronic harassment, such as swatting targets (making false reports leading to armed law enforcement intervention) and "raiding," which the American DoJ described as "posting or sending an overwhelming volume of contact to a victim’s online communications medium."
RaidsForums founder Diogo Santos Coelho has since been arrested in the UK and faces charges internationally.
The leaked used data base exposed frequent users of RaidForums to other hackers and law enforcement agencies. It's also likely to be useful for security researchers seeking to build threat actor profiles.
The legitimacy of this breach was confirmed by cybersecurity analysts at VX-Underground. But the source and reasoning behind the data dump remains unknown.