10.10.2025
2 min
521
The FBI, in cooperation with the French police, conducted a large-scale operation and took full control of BreachForums, a portal used by the ShinyHunters group to leak data from large companies, including Salesforce customers. Law enforcement officers warned that all backup copies of the forum since 2023 have come under the control of the US government.
According to BleepingComputer, FBI agents seized all domains and server infrastructure of BreachForums before the hackers had time to publish the stolen data. The ShinyHunters Telegram group confirmed the loss of control, noting that “the era of forums is over.” According to the analysis of the criminals, all databases, including reserves and escrow, are now in the hands of special services.
Despite this, the darknet leak site continues to operate. ShinyHunters representatives stated that no administrator has been arrested, but they do not plan to create a new forum, because such platforms have now become “traps for hackers.”
At the same time, the hackers emphasized that the Salesforce blackmail campaign is ongoing. A list of dozens of corporations appeared on their website, including FedEx, Disney, Google, Cisco, Toyota, Marriott, Chanel, IKEA, and others. In total, the attackers claim to have stolen more than a billion customer records.
The history of BreachForums dates back to the closure of RaidForums, a popular platform for selling stolen data. After its liquidation, the ShinyHunters team restarted the forum several times under different domains.
The last release of BreachForums took place in July 2025, shortly after the arrest of four administrators of the previous version of the platform in France.
American law enforcement officers simultaneously brought charges against Kai West (IntelBroker), one of the most famous members of the cybercriminal group. The platform disappeared from the network in August, and ShinyHunters published a PGP-signed message about the seizure of the FBI and BL2C servers, promising not to restore the site again.
The capture of BreachForums was another blow to the cyber underground, which used public platforms to trade stolen data. Although the ShinyHunters group’s darknet portals remain online, experts believe that the loss of databases and backups will seriously weaken their capabilities. For companies using Salesforce, the incident is a reminder of the importance of regular security checks, multi-factor authentication, and password updates.
