Search TorWire

Find cybersecurity guides and research articles

Home > News > Cybersecurity > BreachForums Clone Shuts Down After Operators Admit Impersonation

BreachForums Clone Shuts Down After Operators Admit Impersonation

By: Jordan Vector Cybersecurity Expert

Last updated: June 26, 2026

Human Written
BreachForums Clone Shuts Down After Operators Admit Impersonation
  • The BreachForums clone breached[.]hn has shut down after its operators admitted the site was unofficial.

  • Administrators allegedly confessed to impersonating ShinyHunters, BreachForums staff, and PGP identities.

  • Operators claim they fear retaliation from the ShinyHunters group after being allegedly doxed.

Another alleged successor to the infamous BreachForums marketplace has abruptly shut down, adding yet another chapter to the ongoing turmoil surrounding one of the cybercrime world’s most recognizable brands.

According to a report published by DataBreaches, the operators behind the BreachForums clone known as breached[.]hn announced the closure of their platform on June 24, issuing a lengthy public apology in which they admitted the site was never an official continuation of BreachForums.

The development comes after the forum was reportedly listed for sale for $3,000. Within 24 hours, the asking price had allegedly fallen to $1,500, suggesting difficulty finding potential buyers.

Shortly afterward, the sales advertisements reportedly disappeared from both Telegram and the forum’s onion site.

Operators Admit to Impersonation

In messages posted to the platform’s Telegram channel, individuals identifying themselves as “unlivid,” “Nullified,” and “Lucy” acknowledged that the forum was merely another clone attempting to capitalize on the BreachForums name.

The administrators wrote that there is currently “no official BreachForums,” referencing previous statements allegedly attributed to the cybercriminal collective ShinyHunters. The statement further alleged that the person behind “Hollow” was impersonating the original BreachForums staff member.

The confusion surrounding legitimate BreachForums operations has been ongoing, the marketplace has reportedly shifted domains multiple times after alleged rival cyberattacks disrupted its infrastructure.

Most notably, the operators allegedly admitted they had fabricated much of the platform, saying they had been “larping everything,” including:

  • PGP identities
  • ShinyHunters affiliations
  • BreachForums branding
  • Staff identities

The operators also issued an apology for allegedly scamming users and falsely presenting themselves as legitimate successors to the original cybercrime forum. The announcement’s most dramatic claim alleged that someone had doxed the administrators, leaving them fearful of retaliation from ShinyHunters.

The statement claimed: “We got doxed and shinyhunters is looking to kill us.”

The operators further wrote that they were “truly and really scared of ShinyHunters” and believed the group could pursue them even after shutting down the site. At present, no public evidence has emerged supporting these claims.

DataBreaches reported that searches of ShinyHunters’ leak infrastructure did not reveal any public threats, doxing material, or statements directed at the operators of the clone forum. Likewise, no independently verified information confirms that anyone identified or threatened the administrators.

A Fragmented Underground Ecosystem

The collapse of breached[.]hn reflects the growing instability surrounding the BreachForums ecosystem. Since the original BreachForums experienced multiple law enforcement disruptions and administrator arrests, numerous copycat forums have emerged attempting to capture its user base and reputation.

Many of these clones have struggled to establish credibility within cybercriminal communities. Underground forum users often rely heavily on reputation systems, trusted administrators, and established identities. Allegations of impersonation, scams, and false affiliations can quickly destroy confidence in a platform.

Security researchers have observed an increasing number of short-lived criminal forums that attempt to leverage well-known brands while lacking the trust networks that made their predecessors successful.

Future of BreachForums Remains Uncertain

The operators behind breached[.]hn concluded their announcement by apologizing to users and claiming they had “learned their lesson.” At publication, the platform’s clearnet site was offline, though its onion service remained accessible.

The broader BreachForums brand continues to cast a long shadow over cybercrime communities despite repeated takedowns, arrests, and impersonation attempts.

Whether another successor eventually emerges remains uncertain. The collapse highlights that reputation, trust, and authenticity still matter in criminal ecosystems, and impersonation can have serious consequences.

Share this article

About the Author

Jordan Vector

Jordan Vector

Cybersecurity Expert

Jordan is a security researcher and advocate who focuses on making privacy practical. Whether he's explaining how to harden a browser or reporting on the latest surveillance disclosures, his goal is to equip readers with knowledge they can use immediately. Jordan believes that true security begins with understanding the digital landscape.

Comments (0)

No comments.