- 790
- 211
According to French media, law enforcement agencies have arrested four BreachForums administrators known by the nicknames ShinyHunters, Hollow, Noct and Depressed. It is also reported that back in February 2025, French authorities detained the famous hacker IntelBroker, who was also previously an admin of the resource.
Arrests
According to the French newspaper Le Parisien , earlier this week, the cybercrime unit (BL2C) of the Paris police department carried out an operation aimed at BreachForums operators.
According to journalists, raids took place simultaneously in Paris, Normandy and Reunion. As a result, four hackers were arrested: ShinyHunters, Hollow, Noct and Depressed.
The publication also reports that rumors about the arrest of another famous attacker (IntelBroker) were true. According to journalists, IntelBroker was arrested by the French authorities back in February 2025.
[td]There were already several websites under the name BreachForums, all dedicated to buying, selling, and dumping stolen data.
The first "leak forum" was RaidForums. But after the FBI shut it down in 2022, someone named Pompompurin launched his own resource called BreachForums (or simply Breached).
This forum quickly gained popularity in the hacker community, and criminals published huge amounts of stolen data on the site. For example, including information from the US Congressional healthcare provider DC Health Link, data from millions of Twitter users , and so on.
Soon after the publication of DC Health Link data, in March 2023, the FBI arrested the owner of the forum, Conor Brian Fitzpatrick (Pompompurin), and BreachForums was closed. It is worth noting that Fitzpatrick pleaded guilty to several charges, and in January 2024, he was sentenced to 20 years of supervised release.
However, new versions of the site soon emerged, and were eventually seized by law enforcement.
Another incarnation of the site, BreachForums v2, was launched last year under the direction of ShinyHunters, Baphomet, and later IntelBroker (who stepped down from managing the site in January 2025).
This version of the site went offline in April 2025 after BreachForums was allegedly hacked via a 0-day vulnerability in MyBB. The forum has not returned since.[/td]According to Le Parisien, the arrested ShinyHunters and IntelBroker were the site’s administrators and owners, and archived messages show that Hollow acted as a moderator. However, it remains unclear what role Depressed and Noct played in the site’s operation.
The hackers are now accused of hacking French companies and organizations such as Boulanger, SFR, France Travail, and the French Football Federation (FFF). The attack on France Travail (formerly Pôle Emploi) is particularly notable on this list, as the incident compromised the data of approximately 43 million people .
ShinyHunters is undoubtedly the most famous of the arrested hackers. Thus, his name is associated with numerous attacks and high-profile data leaks, including the attacks on Salesforce and SnowFlake , which ultimately affected Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, Cylance, and others.
In addition, the ShinyHunters nickname is associated with other hacks and leaks, and information security specialists believe that this pseudonym is used by a group of individuals consisting of several criminals.
The identity of IntelBroker
After the publication of Le Parisien's report on the arrests, it became known that in the United States, a British citizen known as IntelBroker was charged with stealing and selling confidential data from companies around the world, as well as causing damage in the amount of about $25 million.
The indictment , released by the US Attorney's Office for the Southern District of New York, states that the IntelBroker nickname was used by 25-year-old Briton Kai West.
According to US authorities, he had been stealing and selling data from the networks of government agencies, companies, and critical infrastructure facilities for many years. Most often, the stolen information was distributed through BreachForums.
According to the US Department of Justice, West's actions caused damage to dozens of victims (including a US telecommunications company, a healthcare provider, an internet service provider and more than 40 other organizations) totaling about $25 million.
As a reminder, IntelBroker is linked to many high-profile hacks: DC Health Link , which manages the health plans of members of the US House of Representatives, Europol , AMD , Nokia , HPE , General Electric and many others.
West faces charges of conspiracy to commit computer hacking, wire fraud, conspiracy to commit wire fraud, and accessing a protected computer to obtain information. The charges carry a maximum sentence of 25 years in prison. The documents
also detail how the FBI confirmed the identity of IntelBroker, also known by his alias Kyle Northern. Back in January 2023, an undercover FBI agent purchased a stolen API key from IntelBroker for $250 in cryptocurrency. The Bitcoin address used in the transaction was traced to a wallet previously created on the banking platform Ramp. That wallet was linked to an account registered to a UK driver’s license issued in the name of Kyle West. Additionally, the email account used on Ramp was traced to a Coinbase account registered to a pseudonymous user named Kyle Northern, also owned by West. The inbox contained invoices, emails from the university, and a photo of West’s driver’s license. He also used the same IP addresses to log into both his personal accounts and IntelBroker profiles, allowing the FBI to verify that they were on the right person. U.S. authorities confirm that West was arrested in France in February of this year. @ xakep.ru
Arrests
According to the French newspaper Le Parisien , earlier this week, the cybercrime unit (BL2C) of the Paris police department carried out an operation aimed at BreachForums operators.
According to journalists, raids took place simultaneously in Paris, Normandy and Reunion. As a result, four hackers were arrested: ShinyHunters, Hollow, Noct and Depressed.
The publication also reports that rumors about the arrest of another famous attacker (IntelBroker) were true. According to journalists, IntelBroker was arrested by the French authorities back in February 2025.
The first "leak forum" was RaidForums. But after the FBI shut it down in 2022, someone named Pompompurin launched his own resource called BreachForums (or simply Breached).
This forum quickly gained popularity in the hacker community, and criminals published huge amounts of stolen data on the site. For example, including information from the US Congressional healthcare provider DC Health Link, data from millions of Twitter users , and so on.
Soon after the publication of DC Health Link data, in March 2023, the FBI arrested the owner of the forum, Conor Brian Fitzpatrick (Pompompurin), and BreachForums was closed. It is worth noting that Fitzpatrick pleaded guilty to several charges, and in January 2024, he was sentenced to 20 years of supervised release.
However, new versions of the site soon emerged, and were eventually seized by law enforcement.
Another incarnation of the site, BreachForums v2, was launched last year under the direction of ShinyHunters, Baphomet, and later IntelBroker (who stepped down from managing the site in January 2025).
This version of the site went offline in April 2025 after BreachForums was allegedly hacked via a 0-day vulnerability in MyBB. The forum has not returned since.[/td]
The hackers are now accused of hacking French companies and organizations such as Boulanger, SFR, France Travail, and the French Football Federation (FFF). The attack on France Travail (formerly Pôle Emploi) is particularly notable on this list, as the incident compromised the data of approximately 43 million people .
ShinyHunters is undoubtedly the most famous of the arrested hackers. Thus, his name is associated with numerous attacks and high-profile data leaks, including the attacks on Salesforce and SnowFlake , which ultimately affected Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, Cylance, and others.
In addition, the ShinyHunters nickname is associated with other hacks and leaks, and information security specialists believe that this pseudonym is used by a group of individuals consisting of several criminals.
The identity of IntelBroker
After the publication of Le Parisien's report on the arrests, it became known that in the United States, a British citizen known as IntelBroker was charged with stealing and selling confidential data from companies around the world, as well as causing damage in the amount of about $25 million.
The indictment , released by the US Attorney's Office for the Southern District of New York, states that the IntelBroker nickname was used by 25-year-old Briton Kai West.
According to US authorities, he had been stealing and selling data from the networks of government agencies, companies, and critical infrastructure facilities for many years. Most often, the stolen information was distributed through BreachForums.
According to the US Department of Justice, West's actions caused damage to dozens of victims (including a US telecommunications company, a healthcare provider, an internet service provider and more than 40 other organizations) totaling about $25 million.
As a reminder, IntelBroker is linked to many high-profile hacks: DC Health Link , which manages the health plans of members of the US House of Representatives, Europol , AMD , Nokia , HPE , General Electric and many others.
West faces charges of conspiracy to commit computer hacking, wire fraud, conspiracy to commit wire fraud, and accessing a protected computer to obtain information. The charges carry a maximum sentence of 25 years in prison. The documents
also detail how the FBI confirmed the identity of IntelBroker, also known by his alias Kyle Northern. Back in January 2023, an undercover FBI agent purchased a stolen API key from IntelBroker for $250 in cryptocurrency. The Bitcoin address used in the transaction was traced to a wallet previously created on the banking platform Ramp. That wallet was linked to an account registered to a UK driver’s license issued in the name of Kyle West. Additionally, the email account used on Ramp was traced to a Coinbase account registered to a pseudonymous user named Kyle Northern, also owned by West. The inbox contained invoices, emails from the university, and a photo of West’s driver’s license. He also used the same IP addresses to log into both his personal accounts and IntelBroker profiles, allowing the FBI to verify that they were on the right person. U.S. authorities confirm that West was arrested in France in February of this year. @ xakep.ru