- BreachForums offline after CCITIC abuse reports
- The administrator announces his departure and seeks new leadership
- Forum trust eroded after database of 324,000 users was leaked in January 2026
BreachForums, one of the most popular underground forums for sharing malware, stolen data, and more, has been removed. Now, the administrator seems to give up and look for someone to pass the baton to.
Over the weekend, the Cyber ​​Counterintelligence Threat Research Consortium (CCITIC) posted on LinkedIn that both the clearnet and Tor versions of BreachForums were showing a 502 – Bad Gateway error.
CCITIC is a non-profit organization that investigates cybersecurity threats and assists authorities in takedown efforts, and the organization said it managed to identify the upstream servers behind BreachForums, all hosted on DigitalOcean (ASN 14061) in the Frankfurt am Main data center. After filing abuse reports, all three servers were taken offline.
Article continues below.
The administrator resigns
This isn’t BreachForums’ first rodeo. Authorities seized him twice: once in June 2023 and again in May 2024. Each time he managed to recover and it is likely to happen again. However, it could be under new management.
Following the closure and defacement, the forum administrator posted a message on the home page, saying that they were resigning and looking for someone else to take over.
“It’s time to say goodbye, although not completely,” the post says. “At this time, however, I must take a step back. Despite this, I will continue to support BreachForums in any way I can whenever possible. For this reason, we are now seeking a responsible individual or group willing to take on the leadership and continued support of the forum.”
However, the CCITIC suggests that the forum may never recover as things have changed. “In January 2026, its own database of ~324,000 users was leaked,” the organization said. “The ecosystem is fracturing and trust between threat actors is collapsing.”
“You don’t have to be the FBI to take action. Rigorous OSINT work, backend server identification, a well-documented abuse report sent to the appropriate hosting provider, and a cybercriminal forum down.”
Through cyber news
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
