BreachForums
In November 2022, the well-known hacking forum “BreachForums” was itself, breached. Later the following year, the operator of the website was arrested and the site seized by law enforcement agencies. The breach exposed 212k records including usernames, IP and email addresses, private messages between site members and passwords stored as argon2 hashes. The data was provided to HIBP by a source who requested it be attributed to “breached_db_person”.
Breach date: 29 November 2022
Date added to HIBP: 26 July 2023
Compromised accounts: 212,156
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
comment: I guess the hackers aren’t so lucky with their DMs either.
deleted by creator
There is always a bigger fish.
So was the operator of the website arrested because they released the details themself? Is that what’s implied?
Looks like he was arrested for all the other cyber crimes he was committing. It doesn’t say he wasn’t the “leak” but also doesn’t imply it either.
Ah thanks. The way the short HIBP message is phrased made it sound like the events may have been connected.
How good is argon2?
It seems to be the most recommended password hashing algorithm at the moment (https://en.wikipedia.org/wiki/Argon2), although this will depend on the version actually used, and the configuration parameters. If they use at least the standard recommendation, it is currently impractical to crack a strong password.
We still say “pwned”?
That is the name of the website linked… I hate the word/phrase, but, it is what it is now.