Five individuals linked to the notorious BreachForums v2 cybercrime marketplace have reportedly been arrested by French police during coordinated raids across multiple regions in France. The forum was widely used by hackers to leak, sell, and trade sensitive personal and corporate data—often sourced through major breaches of global tech firms and public sector systems.
The operation was carried out by the Paris-based cybercrime unit BL2C, with raids conducted in Hauts-de-Seine, Seine-Maritime, and Réunion. French newspaper Le Parisien reported that four cybercriminals known by their aliases—ShinyHunters, Hollow, Noct, and Depressed—were apprehended during the action.
IntelBroker Also Arrested in Separate February Operation
Alongside these developments, reports confirm that IntelBroker, one of the most infamous hackers in recent years, was previously arrested in February 2025. Known for leaking sensitive data from DC Health Link, Europol, General Electric, HPE, and Cisco, IntelBroker was also a central figure in the latest iteration of BreachForums.
Authorities have yet to officially confirm these arrests, but Le Parisien cites law enforcement sources close to the investigation. The ANSSI and Paris police have not yet commented publicly on the matter.
BreachForums v2: The Rebirth and Shutdown of a Cybercrime Hub
The original BreachForums shut down in 2023 following the arrest of its administrator, Conor Brian FitzPatrick (aka Pompompurin). Not long after, other cybercriminals relaunched the site under BreachForums v2, led primarily by ShinyHunters and IntelBroker, with additional support from Baphomet and Hollow.
This second version of the platform became a central marketplace for stolen databases, leaked credentials, corporate access, and exploit tools. Archived posts show Hollow acting as a moderator. The specific roles of Noct and Depressed remain unconfirmed.
The site reportedly went offline in April 2025 after being compromised via a MyBB zero-day vulnerability, effectively ending its short-lived run.
Connection to Major Data Breaches in France and Worldwide
French authorities link the arrested individuals to cyberattacks against several high-profile national entities including:
- France Travail (formerly Pôle Emploi), where the breach exposed the personal data of roughly 43 million people
- Boulanger, SFR, and the French Football Federation
On a global scale, ShinyHunters has been associated with breaches affecting Salesforce, PowerSchool, and Snowflake, with downstream impacts on companies like Santander, Ticketmaster, Neiman Marcus, and Advance Auto Parts. Analysts believe ShinyHunters is a collective rather than a single actor, which explains the volume and scale of their operations throughout 2025.
The Bigger Picture: Threat Actor Arrests and Forum Takedowns
The arrests in France follow a growing trend of coordinated international crackdowns on illicit cybercrime forums. BreachForums is just one in a long list of dark web platforms dismantled by global law enforcement.
Such takedowns mark critical disruptions in the cybercriminal supply chain, but they don’t eliminate the underlying threat. Breached data remains highly valuable, and threat actors quickly shift to alternative platforms or rebuild under new names.
For businesses, especially those in critical sectors like finance, government, healthcare, and enterprise IT, such incidents highlight the need for strong data recovery and protection strategies.
Even if a breach occurs, organizations must ensure that data remains resilient, recoverable, and uncompromised.
Looking for a trusted recovery solution?
Defend your organization with StoneFly DR365—an air-gapped, immutable backup and recovery appliance trusted by enterprises to ensure zero data loss even in the event of complex cyberattacks.
