Remember RaidForums? It’s Back to Haunt Its Users
Update added on 5/30/23 at the end of the article.
Remember RaidForums, the infamous hacking forum that was shut down by law enforcement? Well, it seems the ghost of its past has come back to haunt its users. A database containing the forum’s member information has been leaked online, giving both threat actors and security researchers a glimpse into the identities of those who frequented the site.
For those who don’t know, RaidForums was an incredibly popular and notorious hacking and data leak forum. It was a hub for hackers to trade stolen data from breached organizations. Once in possession of this data, other cybercriminals would use it for various nefarious purposes, including phishing attacks, cryptocurrency scams, and malware distribution.
The forum was finally taken down in April 2022, after an international law enforcement operation led to the arrest of its administrator, Omnipotent, and two accomplices. After its closure, users migrated to a new forum called Breached, which was eventually shut down in March 2023 following the arrest of its founder and owner, Pompompurin.
Introducing… Exposed!
Fast forward to today, and a new forum called “Exposed” has emerged to fill the void left by RaidForums and Breached. It has quickly gained popularity among the hacking community.
Recently, one of the site’s admins, “Impotent,” leaked the RaidForums member database, essentially exposing the identities of almost half a million users to cybercriminals and security researchers alike.
We, at IT Services, have reviewed the leaked data, which consists of a single SQL file containing registration information for 478,870 RaidForums members. This information includes usernames, email addresses, hashed passwords, registration dates, and other related data.
The leaked table contains information for users who registered between March 20th, 2015, and September 24th, 2020, likely when the database was dumped. Some members have been removed from the database, and it is unclear when and why the dump was created.
Our team has verified that the leaked information is legitimate, as we were able to confirm the registration details of numerous accounts. Members of the Exposed forum have also corroborated the authenticity of their data in the MySQL table.
What Does This Mean for Security Researchers (and Cybercriminals)?
While it’s highly likely that law enforcement already has this database in their possession, the leak is still a treasure trove for security researchers. By analyzing the registration information, researchers can learn more about the threat actors and potentially link them to other malicious activities.
On the flip side, the leak also provides cybercriminals with valuable information, enabling them to target the exposed users for potential cyberattacks or other nefarious purposes.
Update 5/30/23: Impotent, the admin of Exposed, told us that the RaidForums data dump was not originally intended to be public but decided to release it. While they know the data’s source, they have promised not to disclose any details about it. Impotent also claims that the member database table still contains 99% of the original lines, with some removed to “cause no drama.”
Protect Yourself and Your Business
This latest data leak is a stark reminder that no one is immune to cyberattacks, and businesses need to be proactive in protecting their sensitive information. At ZZ Servers, we can help you safeguard your digital assets with our comprehensive cybersecurity solutions. Don’t wait for a data breach to occur — contact us today to learn how we can work together to keep your business secure.
