A structured query language (SQL) database, containing registration data for 478,870 members of RaidForums from 2015 to 2020, was released on a newer hacking platform, Exposed. The leaked information includes details such as usernames, emails, registration dates, and hashed passwords. The individual responsible for posting the data, an administrator of Exposed known as 'Impotent,' released this information on Monday.
While speaking with BleepingComputer, Impotent mentioned that specific user data was intentionally excluded from the database to "cause no drama," ensuring that 99% of the original content remained. The Exposed admin claimed exclusive knowledge of the data's source but declined to share further information. Additionally, he clarified that the database was not initially intended for public release, but he decided to leak it nonetheless. Several members of Exposed have reportedly vouched for the authenticity of this data.
RaidForums, seized by law enforcement in 2022, was a notorious hub for hackers, fraudsters, and various online criminals. It served as a marketplace for trading hacked or stolen data. Users would frequently leak un-purchased data on RaidForums to enhance their reputations.
Impotent’s pseudonym is considered a nod to RaidForums' former administrator, Omnipotent. Identified as Diogo Santos Coelho, a 21-year-old Portuguese national, Omnipotent was arrested in January 2022 during Operation TOURNIQUET, a multinational law enforcement initiative.
At the time of Coelho’s arrest, RaidForums boasted over 500,000 active users and was implicated in the trade of hundreds of databases of stolen data, representing more than 10 billion unique identity records, as stated by the US Department of Justice.
Despite numerous security red flags raised by its members, RaidForums remained operational for three months following Coelho’s arrest, until its eventual takedown in April 2022. Amid Russia’s military operations in Ukraine, RaidForums announced the banning of any members linked to Russia.
In a recent development, the Dutch National Police contacted thousands of former RaidForums members to notify them of surveillance and to encourage the deletion of any stolen or traded data they possessed. This outreach was facilitated by the analysis of a RaidForums database similar to the one leaked on Exposed, which allegedly contained the IP addresses associated with user registration and login.