The FBI has seized the BreachForums domain operated by the ShinyHunters group, which had been used as a data leak and extortion site in connection with the recent Salesforce attacks.
The domain, Breachforums.hn, was taken over as part of a joint operation between U.S. and French authorities before the hackers could begin leaking stolen Salesforce data.
BreachForums was relaunched earlier this year by members of the ShinyHunters, Scattered Spider, and Lapsus$ groups under the name “Scattered Lapsus$ Hunters.” The site was used to extort companies impacted by the Salesforce data theft campaign. However, this week both the main website and its dark web counterpart went offline, with the FBI later replacing the main domain with a seizure notice and moving it to official FBI-controlled servers.
Following the takedown, ShinyHunters confirmed on Telegram that law enforcement also gained access to archived database backups from all BreachForums versions since 2023. The hackers said that the seizure was “inevitable” and declared that “the era of forums is over.” They also revealed that backend servers had been seized, but claimed that no core admin members were arrested and that the dark web data leak site remains online.
The group insists that their ongoing Salesforce data leak campaign will continue, with plans to publish stolen data from over one billion customer records if affected companies refuse to pay ransoms. The list of targeted companies reportedly includes major brands such as FedEx, Disney, Marriott, Google, Cisco, Toyota, Home Depot, Adidas, and Chanel.
BreachForums has long been one of the most active cybercrime communities, serving as a marketplace for stolen data and hacking tools. Its repeated takedowns by global law enforcement highlight ongoing efforts to dismantle major cybercrime networks and prevent future extortion schemes.





