Infamous hacker forum suffers major data leak

30 May, 2023 19:14
A database for the now-defunct RaidForums containing data on nearly half a million members was posted online

The personal information of nearly half a million users of notorious hacker forum RaidForums has been leaked to the public, tech blog BleepingComputer confirmed on Monday. 

An SQL database containing the registration information for 478,870 RaidForums members who joined the site between 2015 and 2020 – including usernames, emails, registration dates, and hashed passwords – was posted to a newer hacking forum, Exposed, by that forum’s administrator, ‘Impotent,’ on Monday.

Impotent told BleepingComputer that while users had been excluded from the database so as to “cause no drama,” 99% of the original content was still present. Only Exposed knew the source of the data, but would not share any details, the admin added on Tuesday, explaining that the database had not been intended for the public but that Impotent had made the decision to leak it anyway. Other members of Exposed have reportedly vouched for the legitimacy of the information.

Before it was seized by law enforcement last year, RaidForums was a popular exchange for hackers, fraudsters, scammers, and internet criminals of all stripes, who would post hacked or stolen data for sale to others in the digital underworld. If no one bought what they were offering, it would often be leaked on RaidForums to bolster the poster’s reputation. 

Impotent’s handle is considered an homage to RaidForums’ administrator, Omnipotent, who was arrested and unmasked as 21-year-old Diogo Santos Coelho of Portugal in January 2022 as part of an international law enforcement action called Operation TOURNIQUET involving authorities in the US, UK, Sweden, Portugal and Romania. 

At the time of Coelho’s arrest, RaidForums had over 500,000 active users and had been used to trade hundreds of databases of stolen data containing more than 10 billion unique identity records, according to the US Department of Justice. 

The site remained live – with a number of security red flags noticed by members – for three more months before it was finally taken down in April 2022. Following the start of Russia’s military operation in Ukraine, RaidForums announced that it was banning any member known to be associated with Russia.

Last month, the Dutch National Police sent thousands of emails, mailed hundreds of letters and even made phone calls to former RaidForums members to warn them they were under surveillance, urging them to delete any stolen or traded data in their possession. Officers obtained the users’ identities by analyzing a RaidForums database like the one leaked on Monday, which reportedly included the IP addresses used to register and log in.