Leaked RaidForums database exposes threat actors

RaidForums gained a reputation as a platform for hosting, leaking, and selling stolen data.

 Computer, Computer Hardware, Computer Keyboard, Electronics, Hardware, Pc, Person, Cross, Symbol

A database of RaidForums’ members, a hacking and data leak forum known for its illicit activities involving stolen data, was leaked online at an online forum Exposed by a forum administrator, ‘Impotent’.

 File, Webpage, Adult, Bride, Female, Person, Wedding, Woman, Face, Head

Forum post leaking the RaidForums member database. Source: BleepingComputer

BleepingComputer has analysed the leaked data, which consists of a SQL file encompassing the ‘mybb_users’ table, a component of RaidForums’ forum software employed for storing registration information.

Within the leaked table, there is sensitive information about 478,870 RaidForums members. This includes usernames, email addresses, hashed passwords and registration dates. The database encompasses users who registered between 20 March 2015, and 24 September 2020, indicating that the dump was likely generated within this timeframe.

Impotent noted that the data dump was intended to remain confidential initially, but a recent choice was made to disclose it. While Impotent knows the data’s source, no specific information has been made public. Notably, around 99% of the original lines within the member database table have been preserved, with only a small number removed to ’cause no drama’.

Although it is likely that law enforcement agencies have already obtained the RaidForums database after seising the site, the leaked data remains valuable for security researchers. Researchers can understand how threat actors establish links to malicious activities by analysing the registration details. This facilitates the creation of profiles for these threat actors, thus bolstering the battle against cybercrime.

RaidForums gained a reputation as a hub for hackers involved in illicit data theft. The forum served as a platform for hosting, leaking, and selling compromised information obtained from targeted organisations. RaidForums’ website and infrastructure were seized in a major international law enforcement operation,, resulting in the arrest of the site’s administrator, Omnipotent, along with two accomplices. With RaidForums no longer operational, users migrated to Breached; However, Breached met a similar fate when the FBI arrested its founder and owner, Pompompurin. Following the shutdown of RaidForums, the emergence of Exposed promptly filled the void, drawing a substantial number of users.