- BreachForums taken offline after CCITIC abuse reports
- The administrator announces his departure, in search of new leadership
- Forum trust eroded after database of 324,000 users leaked in January 2026
BreachForums, one of the most popular underground forums for sharing malware, stolen data and more, has been taken down. Today, the administrator seems to have given up and is looking for someone to pass the torch to.
Over the weekend, the Cyber Counter-Intelligence Threat Investigation Consortium (CCITIC) posted on LinkedIn that the clearnet and Tor versions of BreachForums were displaying a 502 – Bad Gateway error.
CCITIC is a nonprofit organization that investigates cybersecurity threats and assists law enforcement in their removal efforts. The organization said it successfully identified the upstream servers behind BreachForums, all hosted on DigitalOcean (ASN 14061) in the Frankfurt am Main data center. After filing abuse reports, all three servers were taken offline.
Article continues below
The administrator resigns
This isn’t BreachForums’ first rodeo. It was seized twice by law enforcement – once in June 2023, then a second time in May 2024. Each time, it managed to bounce back, and it is likely to happen again. However, it could be a new direction.
Following the shutdown and defacement, the forum administrator posted a message on the home page, announcing that he was resigning and looking for someone else to take over.
“It’s time for me to say goodbye – but not completely,” the message read. “For the moment, however, I must take a step back. Despite this, I will continue to support BreachForums in whatever way possible. For this reason, we are now looking for a responsible person or group willing to take over the leadership and continued support of the forum.”
CCITIC suggests that the forum may never recover because things have changed. “In January 2026, its own database of approximately 324,000 users was leaked,” the organization said. “The ecosystem is fracturing and trust between threat actors is collapsing. »
“You don’t have to be the FBI to take action. A rigorous OSINT job, an identification of the main server, a well-documented abuse report sent to the right hosting provider – and a cybercriminal forum goes down.”
Via Cybernews
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
