On May 29, 2023, a database containing the information of nearly 479,000 members of the RaidForums hacking forum was leaked online on a new forum named Exposed. RaidForums was known for hosting, leaking, and selling stolen data from breached organizations. Following the seizure by law enforcement and its subsequent closure, users migrated to a new forum called Breached (BreachForums). Breached was just recently seized by law enforcement, too, after its founder was arrested.
Exposed has emerged as a possible replacement for Breached in May 2023; its founders are not seemingly affiliated with the owners of RaidForums or Breached. The leaked RaidForums database was published by a user called ‘Impotent’, the owner of Exposed, who stated that its origin is unknown. Users on other cybercrime communities have wondered, too, how this leak came to be if access to the forum was supposedly only at the hands of law enforcement. The forum has used the leak as a marketing tool and placed a banner inviting all new users to come and download the leak (which is possible by buying a 50 euro upgrade to reveal the download link). Following the leak, the number of users on Exposed tripled: from around 900 members on May 28, 2023 (one day before the leak) to more than 3200 users just two days later.
KELA has indexed the database (available on KELA’s platform through a free trial via the following query) and is sharing some insights gained from exploring it. The leaked table appears to cover members who registered between March 2015 and September 2020 and includes users’ email addresses, usernames, instant messaging usernames, languages, IP addresses, DOBs, forum usage information, login keys, and hashed passwords with salt.
As stated by Impotent, some users were removed from the leak.