After BreachForums went offline in April, several clones emerged to try to replace it, but none were truly successful. Yesterday, the “official” BreachForums (if it can be said that there is an “official” one) reappeared on its darkweb address.
The forum looked the same and some of the moderators’ names were familiar, but it was immediately evident that it had a new founder/owner called “N/A.”
In their introductory announcement, N/A wrote, in part:
In light of recent reports regarding alleged arrests involving BreachForums operatives, let us clarify unequivocally: none of our administrators have been arrested. The individuals named by law enforcement have never been part of our administration. Furthermore, we confirm that BreachForums infrastructure, code, and data remain uncompromised. As far as we’re concerned, it’s business as usual.
The first sentence was factually inaccurate. ShinyHunters (the individual and former forum owner) was arrested in France with other alleged members of the ShinyHunters group on June 23, 2025. Shiny was certainly part of the administration of the forum, so why claim that no administrator had been arrested?
As N/A’s announcement goes on to claim, IntelBroker was never the actual owner of this forum.
The title was intentionally assigned to him to divert attention from us, a strategy that evidently succeeded. He never had any “Owner” or “Administrator” privileges to this forum.
What N/A said about IntelBroker is true although it’s not clear that “N/A” was ever part of “us” at that time.
Although ShinyHunters (the individual, “Shiny”) had announced IntelBroker was taking ownership in August 2024, Shiny quietly admitted to some people that IntelBroker was in name only. IntelBroker, whose real name is Kai Logan West, stepped down from his role in January 2025. But his name was also used (probably without his knowledge or consent) in May, when members of ShinyHunters tried to extort PowerSchool clients and sent emails saying they were ShinyHunters from an email account, “[email protected].” IntelBroker had been arrested in France in February and has been detained since then, so use of an email account that had “IntelBroker” as part of the name appears to have been just another attempt to use IntelBroker as a scapegoat or diversion.
There is more to N/A’s announcement, including the statement that BreachForums had not actually been seized, but its domain registration had been suspended at law enforcement’s request. That, too, seems accurate, as DataBreaches had seen that email from nic.st at the time.
It is important to note that the resurrected site does appear to have preserved the original user database, reputation, credits, and posts. DataBreaches tested the site yesterday and was able to login with our old credentials. A check of the canary.txt file and the pgp shows both were in good order.
So things look right, but the biggest issue for some may be the fact that the new founder/owner, “N/A” is an unknown.
Where did N/A come from and how did they wind up with all the infrastructure and data? Did Shiny sell it to them or did some admin with access sell it to them or give it to them? Or is there some other explanation? DataBreaches asked N/A how they came to be the new founder/owner, and whether ShinyHunters had sold or given them the infra and data or if someone else had sold it to them or given it to them. They replied “No comment” to both inquiries.
DataBreaches also notes that ShinyHunters is listed as an administrator on the forum. That is a newly created or edited page, so it is not just a leftover listing.
Did “Shiny” agree to be an administrator for this forum? Does Shiny even know they are listed as an administrator?
This post will be updated if more information is obtained.
Updated August 2, 2025: We have struck through one paragrah as it now appears that it was not accurate and have deleted reference to Shiny being in prison since whoever is in that prison is not ShinyHunters.