Dark Web Data Leak Exposes RaidForums Members

Nearly half a million members of a notorious cybercrime forum have had their details publicly exposed after a key database was published on another hacking site.

Cybersecurity researchers at VX-Underground confirmed the news that over 478,000 users of RaidForums had their data leaked on up-and-coming forum Exposed.

“The administrative staff of Exposed would not tell us the source of the RaidForums database leak,” they tweeted.

Read more on RaidForums: RaidForums Hacker Marketplace Shut Down in Cross-Border Law Enforcement Operation.

A screenshot shared by Emsisoft threat analyst, Brett Callow, shows the leak was posted by an Exposed admin known as “Impotent.”

It also reveals that members’ usernames, email addresses and hashed passwords are among the haul.

While police likely already have this information following the site’s takedown in April 2022, it could be of use to security researchers looking to build up more information on threat actors.

Some users’ details appear to have been removed from the leak, although it is not clear how many or why.

Launched in 2015, RaidForums was one of the world’s largest hacking forums, enabling members to trade and publish compromised data. Multiple high-profile database breaches ended up on the site, including 40 million user records from mobile app Wishbone and a separate trove of COVID-19 test data.

After coordinated law enforcement action on both sides of the Atlantic, the RaidForums domain was seized and its alleged administrator and two accomplices were arrested.  

According to the Department of Justice (DoJ), RaidForums members offered hundreds of databases of stolen data containing more than 10 billion unique records for sale over the years, impacting countless US and global victims.

In its early days, the site was also used to coordinate “raiding” attacks designed to harass individuals online and “swatting” in which SWAT teams are prank-called to victims’ houses.