
RaidForums

RaidForums was an English-language forum founded in 2015 that operated as a major where cybercriminals traded stolen personal and financial data, including credentials, details, and Social Security numbers, amassing over 10 billion unique records for sale. Initially centered on coordinating electronic harassment tactics such as raiding and , the platform evolved into a hub for discussions, tool distribution, and membership-based access to illicit databases, attracting over 500,000 users. The forum's activities facilitated widespread data breaches by enabling the monetization and further exploitation of compromised information from high-profile U.S. corporations and other entities, contributing to and on a global scale. Its tiered credit system allowed users to purchase premium content, underscoring its commercial structure within the underground economy. In February 2022, RaidForums was shut down through Operation TOURNIQUET, a year-long enforcement effort coordinated by Europol's European Cybercrime Centre involving agencies from the , , , , , and , resulting in the seizure of its infrastructure and the arrest of its administrator, Diogo Santos Coelho, along with two accomplices. This action disrupted a key node in the ecosystem, though successor platforms have since emerged.

History

Founding and Early Years (2015–2017)

RaidForums was founded in 2015 by Diogo Santos Coelho, a 14-year-old Portuguese national known online as Omnipotent. The platform originated as a response to the instability of existing online communities, particularly those focused on "raiding" Twitch streamers, which were often disrupted by DDoS attacks. Omnipotent, drawing inspiration from a Steam discussion group and figures like the Twitch raider Celaeon, established the forum to provide a more reliable space for such activities. Initially, the forum served primarily as a coordination hub for harassment campaigns targeting users, involving tactics such as mass-reporting alleged illegal content to authorities or, in extreme cases, . These raids reflected the founder's early involvement in disruptive online behaviors rather than sophisticated . Omnipotent has stated that the was not created for profit, with early operations relying on donations to cover expenses in exchange for lifetime ranks. From 2015 to 2017, RaidForums began evolving beyond raiding, incorporating sections for discussions and data leaks. A "Leaks" area emerged where users shared stolen databases, personal information, and materials, attracting script kiddies alongside emerging hackers. This period marked steady community growth, as the forum's stability fostered increased engagement in illicit , laying the foundation for its later role in larger-scale . By 2017, it had transitioned into a broader haven for unauthorized data dissemination, though still rooted in its origins of online disruption.

Expansion and Peak Activity (2018–2021)

During 2018–2021, RaidForums transitioned from a platform primarily focused on coordinating campaigns to a prominent hub for trading stolen and discussing hacking techniques, including and SIM swapping methods. This expansion attracted a broader user base of novice and intermediate cybercriminals, distinguishing it from more exclusive forums due to its clearnet accessibility. The forum's registered user count grew substantially, with internal from September 2020 revealing approximately 478,000 members, reflecting increased engagement amid rising incidents. By 2021, RaidForums claimed over 700,000 registered users, positioning it as a key for illicit exchanges. This period saw the platform host hundreds of containing more than 10 billion records of personal and corporate information stolen from various . Peak activity occurred in 2021, exemplified by major leaks such as the April publication of a database with phone numbers from nearly 533 million accounts and the mid-February dump of affecting over 500,000 citizens. These events underscored RaidForums' role as an epicenter for disseminating large-scale stolen datasets, fueling further user participation and transactions in credentials, financial records, and other sensitive materials.

Platform Features and Operations

Forum Structure and User Engagement

RaidForums featured a hierarchical structure typical of online hacking communities, with main categories divided into subforums dedicated to specific illicit activities. Key sections included "Leaks and Dumps" for sharing stolen databases and credentials, "Marketplace" for trading hacked data and services, "Cracking" for discussions on password cracking tools and methods, "Tutorials" for instructional content on hacking techniques, and ancillary areas like "Off-Topic" for general user interactions. This organization facilitated targeted engagement, allowing users to navigate directly to relevant content for data exchange or skill-building. User engagement was robust, driven by the forum's role as a central hub for cybercriminals to collaborate and monetize breaches. By , the platform hosted over 55,000 posts per month, reflecting high activity levels among its approximately 479,000 registered members. Participation involved users posting threads with fresh leaks—such as credentials from major breaches—aiding rapid dissemination and verification of data authenticity through community feedback and systems. Vendors offered services like custom hacks or cracked accounts, often with user ratings to build trust and encourage repeat interactions. The forum employed a reputation-based system where active contributors earned ranks, incentivizing quality posts and sustained involvement. New users started with limited privileges, progressing through verified contributions to access premium sections or trade higher-value data. This element, combined with anonymity tools and clear rules against scams, fostered a self-policing that sustained engagement until the site's seizure in June 2022. Despite its underground nature, the structured environment and perceived utility in accessing exclusive breach materials drew consistent traffic from global threat actors.

Data Markets and Trading Mechanisms

RaidForums operated a "Leaks Market" subforum dedicated to the buying, selling, and trading of stolen , including hacked with identifiers such as Social Security numbers, dates of birth, addresses, credentials, details, and information. The platform provided access to over 10 billion unique records amassed from breaches affecting millions of individuals globally. Transactions occurred primarily through forum threads where users posted offers, negotiated prices, and shared samples to attract buyers; auctions allowed on data dumps, with the forum collecting a percentage of proceeds as mediation fees. A credits system enabled members to unlock and download files, earned via forum activity or purchased directly. For higher-value deals, administrators offered an "Official Middleman" escrow service, verifying payments and before release to build trust between parties. Payments were executed using privacy-focused cryptocurrencies, predominantly , to obscure transaction trails. Access to premium trading features required tiered memberships, with levels like "" status providing privileges such as private auctions and exclusive databases, enforced through escalating subscription fees. Pricing varied by data quality and sensitivity, with corporate financial records and large-scale breaches commanding the highest values; for instance, the 2021 T-Mobile data leak involving 37 million records and a 2021 LinkedIn user data compilation of 700 million entries were actively marketed and sold. These mechanisms facilitated rapid monetization of breaches, though the forum's clear-net accessibility distinguished it from dark web markets by prioritizing user volume over strict anonymity.

Administration and Governance

Key Administrators and Moderators

Diogo Santos Coelho, a national born in 2000 and known online by the aliases "ema" and "Omnipotent," served as the founder and chief administrator of RaidForums since its launch in 2015. As the primary operator, Coelho allegedly controlled the forum's infrastructure, moderated content, and facilitated the distribution of stolen data, including personal information from millions of individuals, while enabling user transactions for illicit materials. He was arrested in the on January 31, 2022, following a U.S. request, and has faced charges including to commit access device , in connection with RaidForums' operations that supported cybercrimes such as and financial . As of September 2025, Coelho remains in UK custody pending ongoing proceedings to the , where he faces potential sentences totaling up to 52 years. RaidForums was operated with assistance from additional unnamed website administrators who helped manage membership, enforce rules, and process payments, including laundering activities. TOURNIQUET, the enforcement effort culminating in the forum's shutdown on April 12, 2022, resulted in the arrests of Coelho and two accomplices, though specific identities and roles of the latter beyond administrative support have not been publicly detailed in indictments or official releases. Moderators, responsible for overseeing forum sections on techniques, data leaks, and trading, operated under the oversight of top administrators like Coelho but were not individually named in legal actions, reflecting the platform's emphasis on to shield participants from accountability. The lack of disclosed moderator identities underscores systemic challenges in attributing roles within pseudonymous forums, where enforcement relied on centralized control by figures like Coelho.

Policies on Content and User Behavior

RaidForums maintained policies that permitted extensive discussions on hacking techniques, the sharing of leaked databases, and the trading of stolen personally identifiable information (PII) in designated sections such as "Leaks Market" and "Databases." The forum's founder and administrator, Diogo Santos Coelho (known as Omnipotent), stated that these areas were not actively policed for the legality of data origins, as verification was deemed impractical, with the emphasis placed on public education through free data dissemination rather than profit from sales. In May 2021, RaidForums joined other cybercriminal forums like Exploit and XSS in prohibiting the sale and advertisement of ransomware, reflecting a temporary policy shift amid public scrutiny following high-profile incidents like the Colonial Pipeline attack.

User behavior was governed by rules aimed at maintaining operational integrity, including a prohibition on on-site doxing, though links to off-site doxing content (e.g., via Pastebin) were tolerated in specific subforums. Violations led to bans, but enforcement was limited, with Omnipotent acknowledging challenges in preventing off-platform actions: "we can’t stop people from doxing." New users faced restrictions, such as inability to send private messages without building account reputation or making a small donation, to curb spam. Scam allegations required evidentiary proof under forum guidelines, enabling users to report and potentially ban fraudulent sellers, though this mechanism was inconsistently applied amid widespread scamming.

Moderation relied on user reports and rather than proactive oversight, with sections explicitly created for trading despite nominal rules. During the 2022 Russia-Ukraine conflict, administrators imposed a on Russian-connected members, diverging from core operational policies to address geopolitical tensions. Overall, policies prioritized functionality and accessibility over strict legal compliance, facilitating while mitigating risks like infiltration through selective prohibitions.

Content and Activities

Hacking Techniques and Discussions

RaidForums maintained dedicated forum sections for discussing and disseminating hacking techniques, including subforums categorized under "Cracking," "Tutorials," and related areas focused on vulnerability exploitation and account compromise methods. These areas featured user-generated content such as guides on password cracking using tools like Hashcat for dictionary and brute-force attacks against hashed credentials extracted from data breaches. Discussions often centered on practical applications, with threads sharing configurations for automated "checkers" and bots that tested stolen username-password pairs across multiple services via credential stuffing—a technique involving high-volume login attempts to exploit password reuse.

Social engineering tactics, including phishing simulations and spear-phishing templates, were frequently dissected in tutorial threads, where users exchanged kits for crafting deceptive emails or websites to harvest credentials. Vulnerability exploitation discussions highlighted methods like for database enumeration and (XSS) for , often tied to real-world breach walkthroughs where participants detailed , payload deployment, and steps. These exchanges emphasized efficiency in monetizing techniques, such as combining stealer logs with cracking tools to generate "combo lists" for further attacks, fostering a collaborative environment for refining exploits against corporate and individual targets.

Beyond textual guides, users shared code snippets, scripts, and pre-configured tools for deployment, including remote access trojans (RATs) and keyloggers, with debates on evasion tactics against antivirus detection and endpoint security. Forum etiquette encouraged verifiable proof-of-concept results, such as screenshots of successful intrusions, to build credibility among participants, though occasionally removed low-quality or posts to maintain utility for serious actors. This structure enabled rapid dissemination of evolving methods, contributing to the forum's role as a hub for operational knowledge prior to its 2022 seizure.

Data Leaks, Doxxing, and Other Practices

RaidForums hosted dedicated subforums for sharing stolen databases from corporate breaches, often containing millions of records with personally identifiable information (PII) such as names, addresses, numbers, and credentials, which users exploited for further unauthorized access or resale. One prominent case involved the April 2021 posting of data from approximately 533 million accounts, including numbers scraped via vulnerabilities, enabling widespread and attempts. Another example was the 2021 T-Mobile breach data, affecting 37 million customers with details like names, addresses, and IMEI numbers, which members auctioned in dedicated threads. The forum also featured leaks from apps like , exposing 40 million user records including emails and IP addresses.

Doxxing on RaidForums entailed users aggregating and disseminating private details about individuals—such as home addresses, family member information, employment history, and profiles—to facilitate , , or "raids" (coordinated online attacks). Originating from earlier raiding communities, the platform's early sections encouraged campaigns targeting gamers, journalists, and public figures perceived as adversaries, with threads providing step-by-step guides on sourcing data from , social engineering, or breached databases. Users often traded doxxing "kits" or services, charging fees for compiled dossiers, which blurred into markets for identity verification tools and SIM-swapping techniques to seize phone numbers for two-factor authentication bypasses. These practices amplified harm by enabling real-world and financial , as evidenced by U.S. Department of Justice charges against the site's for conspiring to traffic in stolen PII used in such activities.

Beyond leaks and doxxing, members engaged in related illicit exchanges like lists derived from prior breaches and tools for automating scraping from data brokers or unsecured . Forum rules nominally prohibited certain extreme content, such as child exploitation material, but enforcement was lax, allowing proliferation of fraud-enabling datasets like bank logs and corporate employee directories. The site's scale—hosting hundreds of gigabytes of across thousands of threads—positioned it as a central hub for cybercriminals to validate and weaponize leaks, contributing to a broader ecosystem of identity-based crimes.

Controversies

Allegations of Facilitating Cybercrime

RaidForums faced allegations from U.S. and enforcement agencies of serving as a central hub for cybercriminals to buy, sell, and trade stolen , hacked databases, and login credentials, thereby enabling widespread , financial , and other illicit activities. The platform, operational since 2015, allegedly hosted marketplaces where users posted and monetized data extracted from major breaches, including social security numbers, details, and corporate records, with transactions often conducted via . Authorities, including the FBI and , claimed that RaidForums directly contributed to by providing tools and forums for sharing hacking techniques alongside the illicit , which lowered barriers for novice offenders to exploit victims. For instance, compromised datasets from incidents like the breach were rapidly disseminated on the site, allowing purchasers to perpetrate account takeovers and schemes. These activities were said to have fueled a shadow economy, with the forum's structure encouraging competitive bidding and verification of authenticity to ensure usability in real-world crimes. The U.S. Department of Justice unsealed charges against alleged administrator Diogo Santos Coelho in April 2022, accusing him of to commit access device and other counts tied to the platform's operations, which purportedly processed millions in illicit trades. Critics from cybersecurity firms noted that while RaidForums defended itself as a space for "information sharing," its moderation policies and fee structures—such as credits earned from posting leaks—systematically incentivized the influx of actionable stolen goods over benign discussion. Operation TOURNIQUET, the multinational effort culminating in the site's seizure on April 12, 2022, highlighted these facilitation claims through evidence of explicitly linking forum trades to downstream offenses like follow-ons and dox-for-hire services.

Debates on Free Information Exchange vs. Harm

The operation and content of RaidForums ignited debates over whether forums dedicated to sharing leaked data and techniques promote exchange beneficial for cybersecurity or predominantly enable widespread harm through the commodification of stolen information. Supporters, including forum founder "Omnipotent," contended that retaining leaked articles and discussions was shielded by free speech principles and doctrines, positing that such accessibility could aid in forensic analysis and vulnerability disclosure without direct endorsement of illicit acts. Critics, encompassing U.S. Department of Justice officials and cybersecurity firms, emphasized the platform's role in lowering barriers for cybercriminals, with over 445,000 users trading vast troves of personal data—such as credentials from major breaches—which fueled a surge in identity theft and fraud during 2020-2021, including millions of cases tied to pandemic-era data proliferation. Operation TOURNIQUET investigators highlighted how RaidForums' marketplace model monetized breaches, enabling novice actors to exploit data for financial gain with minimal technical hurdles, thereby amplifying real-world victimization over any purported educational value. Broader analyses of hacker forums suggest a potential : monitoring sites like RaidForums could yield by revealing breach details early, allowing organizations to patch vulnerabilities or alert affected users before full exploitation. However, specific to RaidForums indicates these benefits were marginal, as the forum's lax policies prioritized black-hat trading and doxxing over moderated defensive , with sales directly correlating to escalated attacks rather than proactive mitigations. reports further underscore that such platforms facilitate knowledge-sharing among threat actors, perpetuating cycles of crime with net negative impacts on protection ecosystems.

Operation TOURNIQUET and International Cooperation

Operation TOURNIQUET was a multinational law enforcement operation coordinated by Europol's Joint Cybercrime Action Taskforce (J-CAT) to dismantle RaidForums, an online forum facilitating the trade of stolen data and hacking tools since 2015. The effort, spanning over a year of investigation, culminated in the seizure of the forum's infrastructure and domains on April 12, 2022, disrupting access to billions of compromised records shared among its estimated 500,000 users.

Participating agencies included the U.S. Federal Bureau of Investigation (FBI), U.S. Secret Service, Internal Revenue Service Criminal Investigation (IRS-CI), and the U.S. Department of Justice's Eastern District of Virginia; the UK's National Crime Agency (NCA); Sweden's National Police; Portugal's Judicial Police; Romania's National Police; and Germany's Federal Criminal Police Office (BKA). These entities from six countries collaborated through intelligence sharing, joint strategy sessions, and synchronized actions to target the forum's operators and users. The U.S. led the domain seizures under judicial warrant, while arrests were executed across jurisdictions, including the January 31, 2022, detention in the UK of Diogo Santos Coelho, the 21-year-old Portuguese national identified as RaidForums' primary administrator, on a U.S. provisional arrest warrant for extradition. Two additional accomplices were also apprehended in connection with the operation.

International cooperation emphasized rapid via Europol's European Cybercrime Centre (EC3) and J-CAT platforms, enabling the identification of key figures despite the forum's use of obfuscated infrastructure and anonymous hosting. This cross-border effort addressed jurisdictional challenges, such as Coelho's operations from while residing in the UK, and highlighted the role of mutual legal assistance treaties in pursuing charges including conspiracy, access device fraud, and aggravated under U.S. law. The operation underscored Europol's coordination in disrupting marketplaces, with U.S. authorities noting its impact on halting the monetization of data breaches affecting millions worldwide.

Domain Seizure and Immediate Aftermath

On April 12, 2022, the United States Department of Justice announced the seizure of RaidForums' primary domains—raidforums.com, raidforums.st, and rfws.com—along with associated infrastructure, as part of Operation TOURNIQUET, a multinational law enforcement effort led by the U.S. in coordination with agencies from the United Kingdom, Sweden, Portugal, and Romania. The operation targeted the forum's role as a marketplace for stolen data, hacking tools, and illicit services, resulting in the site's replacement with a U.S. government seizure notice. This followed approximately one month of prior downtime, during which user access was intermittently disrupted starting in late February 2022. The disrupted RaidForums' operations, which at the time hosted over 530,000 registered users and facilitated the trade of billions of compromised credentials and personal records. In the immediate aftermath, the forum's administrator, known online as "Omnipotent" (real name Diogo Santos Coelho), faced ongoing stemming from an earlier arrest in the UK on January 28, 2022, where authorities seized cash and assets valued at over £500,000. No additional arrests were publicly tied directly to the announcement, but the action underscored international cooperation against platforms. User communities responded swiftly by migrating to alternative forums, with platforms like Breached.to emerging in March 2022 to fill the void left by RaidForums' inaccessibility. This migration preserved continuity in data leak sharing and discussions, as evidenced by the rapid growth of successors that attracted former RaidForums members and threat actors. The shutdown did not eradicate the underlying ecosystem, instead prompting adaptations that sustained illicit online marketplaces in the short term.

Post-Shutdown Developments

Arrest and Extradition Proceedings

Diogo Santos Coelho, the national identified as the founder and primary administrator of RaidForums under the pseudonym "Omnipotent," was arrested on January 31, 2022, in the United Kingdom while visiting his mother. authorities, leading Operation TOURNIQUET, sought his on charges including to commit access device , in connection with facilitating the sale and distribution of stolen affecting over 10 billion records through the forum. Coelho, who launched RaidForums in 2015 at age 14, has contested , arguing vulnerability due to online grooming and exploitation by adults from a young age, which purportedly impaired his judgment and . courts initially approved extradition proceedings, with Coelho facing potential sentences totaling up to 52 years if convicted on all U.S. counts related to unauthorized and trafficking. However, in March 2024, he publicly appealed to the government to halt the process, citing risks to his well-being and disproportionate punishment for adolescent actions. On September 11, 2025, the UK High Court quashed the Home Office's order, ruling that Coelho's exploitation as a minor constituted a violation under the , potentially barring transfer to the U.S. The decision has left proceedings in , with U.S. prosecutors likely to appeal, as Coelho remains detained in the UK pending resolution; no trial has commenced as of October 2025. This outcome highlights tensions in extraditions involving defendants active from , though U.S. officials maintain the forum's role in enabling widespread data breaches justifies prosecution regardless of age at inception.

User Data Leak (2023)

On May 29, 2023, a database containing records of approximately 478,600 to 479,000 RaidForums users was publicly leaked on a newly established forum called Exposed. The leak was initiated by an Exposed forum administrator or user known as "Impotent," who posted the full database file without specifying its origin, though it encompassed user registrations from March to September 2020. This event occurred over a year after RaidForums' domain seizure by U.S. authorities in June 2022, suggesting the data may have been obtained prior to or during operations, such as through an earlier compromise in September 2020. The compromised dataset included sensitive user information such as email addresses, usernames, handles, preferred languages, addresses, dates of birth, activity logs, login keys, and salted password hashes. Analysis indicated significant email domain reuse, with over 70% of addresses tied to , and notable overlaps with other illicit s like and among the most active users. Approximately 63% of the profiled users showed no activity on the , highlighting a mix of dormant and engaged participants from RaidForums' history of sharing stolen data and hacking tools. The leak rapidly boosted Exposed's visibility, tripling its user base from around 900 to over 3,200 within two days, as it provided threat actors and researchers access to historical community insights. Cybersecurity services like incorporated the breach into their databases by May 31, 2023, notifying affected individuals and emphasizing risks from password reuse across platforms. For former RaidForums members—many linked to data breaches and doxxing activities—the exposure of IPs and personal details heightened vulnerabilities to retaliation, deanonymization, or further legal scrutiny amid ongoing FBI investigations into related forums.

Legacy and Impact

Influence on Successor Forums

BreachForums, established in March 2022 by the user known as pompompurin, positioned itself as the direct successor to RaidForums, replicating its layout, functionality, and focus on trading stolen databases, tools, and leaked credentials. The forum explicitly incentivized migration from RaidForums by offering premium memberships and data import tools to former users, rapidly amassing a community of over 150,000 members by mid-2022 and filling the void left by RaidForums' impending shutdown. This transition underscored RaidForums' foundational role in normalizing English-language platforms for black-hat discussions and data , where users shared exploits, stealer logs, and breach datasets in structured sections akin to RaidForums' model.

The influence extended to operational practices, with adopting RaidForums' emphasis on verified data dumps and vendor credibility systems to build trust among cybercriminals, thereby sustaining a that prioritized volume over exclusivity. By September 2022, six months post-RaidForums seizure, had hosted thousands of active threat actors trading high-profile leaks, demonstrating how RaidForums' decade-long aggregation of techniques—such as database validation and affiliate —directly informed successor and against .

Following ' domain seizures by the FBI in March and June 2023, iterative replacements like new .co domains and splinter communities emerged, often led by RaidForums alumni groups such as , who leveraged established networks to relaunch under similar banners. These offshoots perpetuated RaidForums' legacy by maintaining decentralized hosting strategies and user-vetted content policies, evidencing a causal continuity in facilitation where forum disruptions prompted adaptive evolution rather than cessation. By 2024, such platforms continued to dominate data leak trades, with RaidForums' influence evident in the persistent demand for its archived methodologies, as referenced in ongoing discussions of breach validation and tool-sharing norms.

Effects on Cybersecurity and Data Protection

RaidForums served as a central hub for the dissemination and monetization of stolen data, including personally identifiable information (PII), corporate credentials, and breached databases affecting millions of individuals and organizations worldwide, thereby exacerbating risks to data protection by enabling widespread secondary exploitation such as , , and unauthorized network access. The platform's model lowered barriers for cybercriminals, allowing even novice actors to acquire and repurpose leaked datasets from high-profile incidents, which prolonged the lifecycle of compromised information and hindered victims' ability to mitigate harms like account compromises or financial .

The forum's shutdown on February 2, 2022, through Operation TOURNIQUET—a multinational effort led by U.S. authorities—temporarily disrupted this ecosystem by seizing its infrastructure and arresting administrator Diogo Santos Coelho (known as "Pompompurin"), potentially reducing immediate circulation on that specific venue. However, the rapid emergence of successor platforms like Breached.to, which absorbed RaidForums' user base and resumed trading activities by mid-2022, indicated limited long-term efficacy in curbing underground markets, as threat actors migrated to alternative forums with comparable functionalities.

In a notable irony, the 2023 leak of RaidForums' own database—containing details of approximately 478,000 members, including usernames, addresses, addresses, and private messages—exposed participants to heightened cybersecurity risks, such as doxxing and targeted attacks, while providing and researchers with insights into forum operations but underscoring the inherent vulnerabilities of such platforms to internal es. This event highlighted broader data protection challenges in ecosystems, where stolen information persists across networks despite takedowns, often fueling iterative attacks rather than resolution. Overall, RaidForums amplified systemic weaknesses in cybersecurity by normalizing data commodification, though enforcement actions prompted some organizations to enhance detection and response, albeit without verifiable reductions in global incident rates attributable solely to its closure.
