09-26-2024, 05:16 AM
BreachForums has a large repository of credentials and is often used to publicise breaches after they take place. The users of this forum, some good and some bad, come here and find what they're looking for, whether that be information, dummy & real data or other. BreachForums is a tool, like any other penetration software such as Sliver or Cobalt; it can be abused by bad actors to do nefarious things. It is also a social platform like Telegram or Signal, which are also abused by bad actors to do nefarious things. The more I browse BreachForums, the more I see it as the outcome of a forum that has simply not adhered to basic safeguarding protocols to keep negative things away from the platform, possibly due to the fast-paced and busy life of the moderators, who are normal individuals with normal lives that also need to prioritize time for their family.
Is BreachForums bad, good, or neutral? Is BreachForums bad, good, or abused? I don't know, I'm new here, but other than the weak potential to incite breaching, I have mixed feelings and opinions about the framework it's built on.
- Users are incentivised for posting via credits; free users have a 10 messages per day cap. I do not know the total number of users on this forum, but what I do know is that it's baby food to make a .py script to sign up bulk accounts and scrape every single breach, leaving a dirty trail of spammy content, ghost accounts and LQ behaviour in their path.
It's clear to see who actually posts for genuine purposes and who posts just to unlock credits to access breaches. If ever identified, their breach account can be used as a point of reference to show how committed they are in posting LQ content X amount of times per day over the course of X amount of months to download X amount of breaches, especially free users since they're capped at 10 per day.
- The mass publicisation of passwords could be used to deanonymise users. Every breach posted online is transformed from private information into public information through making it accessible to all, essentially aiding in OSINT. Repositories such as haveibeenpwned, government agencies, cyber security firms, harvest the information you guys post. Why? Because that unique password you use that's insanely rare has at least shown up in minimum three database leaks you're unaware of. These passwords can be used to cross-reference and find other identities or accounts linked to you if you share the same password across multiple services. I mean, just imagine if your password was swagDiddyDaddo1337$ for your legit Uber or email account yet also your BreachForums account. If someone compromised the db for Uber then compromised the db for BreachForums within the same year and you're one of the few 500 people around the world who may have been using this password within this time period, etc, I'm tired of typing now /thread that's all.
Finishing notes:
However... Every day I must remember BreachForums is neither good, nor bad, it's simply just BreachForums.
I can elaborate on any points mentioned. If anyone would like to rebut me, feel free; I welcome any disagreements with open arms. If anyone has any additional points they'd like to add that coincide with this topic, post them below.