Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Cops seize Scattered Lapsus$ Hunters' BreachForums domain

The FBI and French cybercrime units seized BreachForums to block a ransom threat involving over one billion Salesforce customer records, just before the October 10 deadline.

  • On October 9, investigators seized the clearnet domain breachforumshn, redirecting nameservers to ns1.fbi.seized.gov and ns2.fbi.seized.gov with a joint DOJ, FBI, BL2C, and JUNALCO notice.
  • The seizure targeted a site used to publicly extort Salesforce customers, just ahead of an October 10 ransom deadline set by Scattered LAPSUS$ Hunters.
  • Captured evidence includes archived BreachForums databases and backups dating back to 2023, escrow databases, and backend servers, which ShinyHunters confirmed as seized and destroyed.
  • Despite the takedown, the Tor hidden service remains active and attackers claim more than one billion records from 39 alleged victims.
  • Historically, BreachForums has repeatedly resurfaced after takedowns, with arrests of operators like Conor Brian Fitzpatrick showing ongoing law enforcement efforts while officials warn the threat persists.
Insights by Ground AI

11 Articles

The RegisterThe Register
Center

Cops seize Scattered Lapsus$ Hunters' BreachForums domain

: US and French fuzz pull the plug on Scattered Lapsus$ Hunters' latest leak shop targeting Salesforce

Read Full Article
BleepingComputerBleepingComputer
Center

FBI takes down BreachForums portal used for Salesforce extortion

The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking corporate data stolen in attacks from ransomware and extortion gangs.

Read Full Article
eSecurityPlaneteSecurityPlanet

FBI Seizes BreachForums Portal Used in Salesforce Extortion Campaign

The FBI, in collaboration with French authorities, has taken down the BreachForums domain used by the ShinyHunters group to extort companies affected by the Salesforce data theft campaign.  The seizure marks a major disruption to one of the most active underground data leak sites tied to multiple high-profile cybercriminal groups, including Scattered Spider and Lapsus$. BreachForums, originally established as a popular marketplace for stolen dat…

Read Full Article
Enterprise Sec TechEnterprise Sec Tech

FBI Seizes BreachForums Domain as ShinyHunters Warn “The Era of Forums Is Over”

The FBI has seized the BreachForums domain once again, marking the third federal takedown of one of the internet’s most infamous criminal marketplaces. The move dismantles a major public hub used by the ShinyHunters collective—along with affiliates from Scattered Spider and Lapsus$—to extort companies hit by the ongoing Salesforce data breach campaign.A Familiar Target in a New FormUntil this week, the domain Breachforums.hn functioned as a data…

Read Full Article
CSO OnlineCSO Online

FBI seizes BreachForums servers as threatened Salesforce data release deadline approaches

Only days ago, a message on the BreachForums extortion site threatened to leak one billion records allegedly stolen from the Salesforce systems of 39 of the largest companies in the world, including Disney, Toyota, Adidas, McDonalds, IKEA, and Home Depot. It was a threat that the criminals behind the site, a super-alliance of the ShinyHunters, Scattered Spider, and LAPSUS$ ransomware groups known as Scattered Lapsus$ Hunters, vowed to carry out …

Read Full Article
The Record by Recorded FutureThe Record by Recorded Future

FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak

As part of its plan to extort high-profile customers of Salesforce, the Scattered Spider group had revived the BreachForums platform. The site now bears an FBI seizure notice.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Friday, October 10, 2025.
Sources are mostly out of (0)

Similar News Topics

Adidas icon

Adidas

Dark Web icon

Dark Web

Salesforce icon

Salesforce

Toyota icon

Toyota

McDonald's icon

McDonald's

Ikea icon

Ikea

Cybercrimes icon

Cybercrimes

News
For You
SearchBlindspotLocal