RaidForums, the former leader among the underground forums, now suffers the user data leak. Besides being shut down in April 2022, it is still susceptible to data breach. The data of a black market is now given for free… on another black market.
What is RaidForums?
RaidForums is an ex-leader among Darknet marketplaces and forums that was used to sell different sorts of data. Stolen credentials, PIIs, accesses to the network and data stolen from various sources – hackers flooded it with their stuff. However, it all ended in April 2022, after the successful Operation Tourniquet, initiated by the FBI. The law enforcement managed to seize the servers and detain the forum’s admin – Diogo Santos Coelho.
Nature abhors vacuum, thus the crowd migrated from the wiped platform to other forums. The new favourite – BreachForums – was swirling with criminal activity for almost a year, until the other successful FBI operation. In March 2023, one of the forum admins was detained, and another considered shutting it down due to the danger of the FBI taking over it.
RaidForums Data Leaked
On May 29, on a new favourite among Darknet forums – Exposed, that popped out after the Breached collapse – a database of RaidForum users was published. The one who released it is a forum admin, nicknamed The Impotent. The leaked database contains records (usernames, passwords, emails and even avatars) of over 478,000 users. This leak size is incredible, especially considering that RaidForums had only 550,000 users at the time of its seizure.
Though, as Exposed users who got their hands on the actual database say, it is not complete. Not all of the records have all the data sets mentioned in the leak announcement. Nonetheless, the fact that the data regarding all the users from the ceased forum is now publicly available, is tremendous. The admin refused to share the source of such a leak, but probably this data was already processed by law enforcements who managed to take over the forum. I.e., there is nothing particularly new or deanonymizing, though such a leak available to everyone may be dangerous for ex-users of the RaidForums.
Now what?
As I’ve just mentioned, the RaidForums leak creates privacy and account theft dangers to everyone present in the leaked database. Even though ones who were anywhere near the law enforcement’s interests already got a visit from men in uniform, email+password pair may give out a lot of information. For brute forcers, this data will be a great addition to their databases – and be sure, they will use it. Fortunately, the database was already indexed by services that track exposed data.
If you used RaidForums but don’t see your account in the leak/on the checkup sites, it will still be a good idea to change your password. In the modern threat landscape, this procedure is recommended to perform once a quarter. The more symbols and randomness you use – the less susceptible you are to brute force attempts.