RaidForums was launched in 2015 by Diogo Santos Coelho of Portugal, aka Omnipotent.
Cybercriminals enormously used the RaidForums hacker site to obtain and sell stolen datasets. The forum represented a database sharing and marketplace forum, which caused specific database breaches and leaks and an active market.
RaidForums: The Biggest Marketplace for Hackers
The marketplace has been active for seven years, and it is the most practical and fastest online marketplace for hackers to sell stolen data or exchange this data between members of the forum. Stolen data in the forum contained personal and financial information such as bank routing and account numbers, credit cards, login information, and social security numbers.
The marketplace stocked more than 10 billion databases from hundreds of stolen databases from people residing in the U.S. to sell to hackers.
Members Become Suspicious on February 27th
Security researchers suspected that RaidForums was seized by law enforcement in February because the site started to show a login part on every page. It was repeatedly redirecting its users to the login page. This led researchers and forum members to believe that the site was seized and that the login prompt was a phishing attempt by law enforcement.
New Update in 2022
The DNS servers for raidforums.com were suddenly changed to the following servers on February 27th, 2022,
As these DNS servers were previously used with other sites seized by law enforcement, including weleakinfo.com and doublevpn.com, researchers believed this added further support that the domain was taken.
Europol’s Role in the Incident of RaidForums Shut Downing
The RaidForums hacker forum has been closed down, and its domain of “raidforums.com,” “Rf.ws,” and “Raid.Lol.” seized by U.S. law enforcement during Operation Tourniquet that coordinated by Europol. Also, the infrastructure of the illegal marketplace is now under the control of law enforcement. Europol says that RaidForums had more than 500,000 members and “was considered one of the world’s biggest hacking forums.”
RaidForum’s administrator Coelho and two of his accomplices have been arrested, and Coelho is facing criminal charges on January 31st in the U.K.
Another exciting piece of info:
After Russia invaded Ukraine and many threat actors began taking sides, RaidForums announced that they were banning any member known to be associated with Russia.
With SOCRadar® Free Edition, you’ll be able to:
- Discover your unknown hacker-exposed assets
- Check if your IP addresses tagged as malicious
- Monitor your domain name on hacked websites and phishing databases
- Get notified when a critical zero-day vulnerability is disclosed
Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets. Get free access.