SOCRadar® Cyber Intelligence Inc. | Exposed Forum Reveals RaidForums Database: 478K Members’ Details Leaked


May 30, 2023
4 Mins Read

Exposed Forum Reveals RaidForums Database: 478K Members’ Details Leaked

A database for the infamous RaidForums has been made public. An administrator posted the database on a new hacking forum called “Exposed,” presenting threat actors and security researchers with valuable insights into the former Forum’s users.

From RaidForums to BreachForums, and Finally to the Exposed Forum

RaidForums used to serve as a widely popular platform dedicated to hacking activities and data dissemination. Within this Forum, threat actors would infiltrate various organizations, subsequently leaking and selling the data they acquire.

The Federal Bureau of Investigation (FBI) seized the RaidForums website and infrastructure in April 2022 and arrested the site’s administrator, Omnipotent. After RaidForums’ end, the hacker community gathered in a new forum called Breached (BreachForums) to continue their illicit activities. However, the FBI also arrested the founder of BreachForums, pompompurin, in March 2023. The co-administrator of the Forum feared that law enforcement might have access to BreachForums’ servers and had to shut down the Forum entirely. 

Check out our blog post “Dark Web Threat Profile: pompompurin” for more information on the threat actor called pompompurin, including their activities on former BreachForums.

To fill the gap in the market left by BreachForums, a new hacking forum called Exposed was recently launched and has rapidly gained popularity.

Exposed Forum Admin “Impotent” Leaks RaidForums Member Database

On May 29, 2023, Exposed Forum’s administrator, “Impotent,” revealed the RaidForums member database. The data is now available to other threat actors, researchers, and law enforcement.

The Exposed Forum admin leaks the RaidForums database.
The Exposed Forum admin leaks the RaidForums database.

In addition, they have included this information on their website as an announcement.

exposed forum announcement

Leaked data has surfaced, consisting of a single SQL file containing registration information for RaidForums’ members. The data pertains to the ‘mybb_users’ table used by the forum software to store details such as usernames, email addresses, hashed passwords, registration dates, and other relevant forum-related information.

Within the leaked table, there is information for 478,870 RaidForums members who registered between March 20, 2015, and September 24, 2020, suggesting that the database was dumped during that period.

It has been reported that some RaidForums members have been removed from the database, but the exact timing and reasons behind the original data dump remain unknown.

The legitimacy of the leaked table has been supported by the fact that numerous accounts in the database contain already-known registration information. Members of the Exposed Forum have also confirmed the presence of their information in the MySQL table.

Database confirmation from Exposed Forum users.
Database confirmation from Exposed Forum users.

While it is likely that law enforcement already possesses the database due to the seizure of the Forum, this data can still be valuable to security researchers. They often utilize such information to construct profiles of threat actors and potentially uncover connections to other malicious activities.

SOCRadar’s Dark Web Modules: Stay Informed, Detect Threats

SOCRadar’s Dark Web News and Dark Web Monitoring are two powerful modules that can help organizations protect themselves from cyber threats. 

The Dark Web News module provides updates on the latest dark web activity, including leaked data, stolen credentials, and other malicious activity. 

SOCRadar Dark Web News module

The Dark Web Monitoring module continuously scans the dark and deep web for mentions of an organization’s assets, including websites, email addresses, and IP addresses. This information can be used to identify and respond to threats before they cause damage.

SOCRadar Dark Web Monitoring module

Together, the Dark Web News and Dark Web Monitoring modules provide a comprehensive view of dark web activity, helping organizations to stay ahead of the curve in the fight against cybercrime.

Here are some of the benefits of using SOCRadar’s Dark Web News and Dark Web Monitoring modules:

  • Updates on the latest dark web activity
  • Continuous scanning of the dark web for mentions of an organization’s assets
  • Identification and response to threats before they cause damage
  • A comprehensive view of dark web activity