In a sweeping multi-region crackdown, French cybercrime authorities have arrested five men in their twenties suspected of operating BreachForums: a notorious online marketplace for stolen data and digital weaponry. The arrests, which span from the outskirts of Paris to the Indian Ocean territory of Réunion, mark a significant breakthrough in the international fight against cybercrime.
Global Forum, Local Arrests: The Fall of BreachForums’ Core Crew
The Paris Cybercrime Brigade (BL2C) confirmed it had taken four men into custody this week, following the February arrest of another suspect believed to be the hacker known online as IntelBroker. The detainees, known by their aliases Hollow, Noct, Depressed, and most prominently, ShinyHunters, are alleged to have played key roles in running BreachForums, a digital underground where criminals traded stolen databases, ransomware kits, and login credentials.
Founded in 2022, BreachForums filled the void left by the takedown of RaidForums, quickly becoming a go-to site for cybercriminals. While the FBI shuttered the site in May 2024, successor versions briefly re-emerged, continuing the cat-and-mouse game between law enforcement and cyber syndicates.
The arrests follow coordinated efforts across Hauts-de-Seine, Seine-Maritime, and the remote island of Réunion, underlining both the geographic reach of cybercrime and the increasing determination of global law enforcement to dismantle its infrastructure.
The Rise and Legacy of ShinyHunters: From Ticketmaster to AT&T
Among those arrested, the alias ShinyHunters stands out. Long speculated to be a group rather than an individual, ShinyHunters has been linked to some of the most devastating data breaches in recent memory, including attacks on Ticketmaster, AT&T, Snowflake, Royal Mail, and Samsung.
Cybersecurity analysts trace their activity to mass credential dumps, extortion attempts, and high-value ransom schemes. The group previously counted French national Sebastien Raoult among its alleged members. Raoult was extradited to the U.S. and convicted, joining Conor Brian Fitzpatrick (alias Pompompurin), the original BreachForums admin arrested in the U.S. in 2023, as a central figure in this global cybercrime saga.
Fitzpatrick pleaded guilty in 2023 and was sentenced to 20 years of supervised release in 2024. His sentence included a ban on internet access for the first year and two years of house arrest, a symbol of how far law enforcement has come in prosecuting digital crime.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
A Fragile Afterlife: BreachForums’ Copycats and the Trust Crisis
After its May 2024 takedown by the FBI, BreachForums briefly resurfaced, only to vanish again under mysterious circumstances. While copycat sites emerged claiming continuity, the cybercrime community itself has grown skeptical. Even though posts were signed with the original forum’s PGP key, many users suspect infiltration by law enforcement, a sign of how trust, even in the criminal underworld, can be fatally compromised.
The cybercrime ecosystem that once revolved around BreachForums has since splintered, with smaller, less organised platforms struggling to fill the void. Law enforcement officials see this as an opportunity to keep cybercriminals fragmented, vulnerable, and easier to track. No formal charges have yet been announced in France, and the identities of those arrested remain sealed. However, authorities have confirmed the suspects face multiple cybercrime allegations, including involvement in attacks on French institutions such as France Travail, retailer Boulanger, and the French Football Federation.
The ongoing operation, Strike Force Docker, is being hailed as one of the most significant European cybercrime busts in recent history. It reinforces a message long in the making: cyber anonymity is no longer a shield against prosecution.