France detains key BreachForums suspects linked to massive global data leaks

Published 26 Jun 2025

French police have arrested five suspected administrators of BreachForums, a notorious cybercrime marketplace that facilitated the sale of stolen data from millions of people worldwide, following a joint investigation with US authorities.

The arrests included four French nationals in their twenties, captured during coordinated raids Monday across Paris’ suburbs, Normandy, and overseas territories. A fifth suspect, British national Kai West, known as “IntelBroker,” was arrested in February.

Police identified the suspects by their online handles: “ShinyHunters,” “Hollow,” “Noct,” and “Depressed.” These names became synonymous with some of the most damaging cyberattacks in recent years.

“These threat actors had transformed BreachForums into the premier destination for stolen data trading, impacting millions of individuals through breaches at major organizations,” said John Fokker, head of threat intelligence at Trellix.

The cybercriminals targeted both French companies and international corporations. Their victims included electronics retailer Boulanger, phone company SFR, and government job agency France Travail. The attack on France Travail alone exposed personal details of 43 million people.

ShinyHunters gained international attention for orchestrating the Snowflake data warehouse attacks. These breaches hit major companies including Ticketmaster, Santander Bank, and AT&T. The group even extorted $370,000 in Bitcoin from AT&T to prevent further data releases.

IntelBroker made headlines by breaching DC Health Link, exposing personal information of US Congress members and their families. The hacker also targeted major corporations, including General Electric, AMD, and Hewlett Packard Enterprise.

The investigation showcased cooperation between France’s Anti-Cybercrime Brigade and American law enforcement agencies. French prosecutors credited the FBI and the US Department of Justice for providing detailed intelligence that made the arrests possible.

BreachForums emerged in 2022 as a replacement for the shuttered RaidForums. Despite repeated law enforcement takedowns, the site kept resurfacing under new management. The FBI seized it in May 2024, but administrators quickly rebuilt the operation.

The marketplace finally went offline in April 2025 after hackers exploited a security vulnerability in the forum’s software. The recent arrests may have delivered the final blow to the platform.

US prosecutors have charged IntelBroker with causing an estimated $25 million in damages. The case follows the 2023 arrest of BreachForums founder Conor Fitzpatrick, who received supervised release and faces resentencing in July.

Fokker warned that while these arrests represent “a pivotal moment in cybercrime enforcement,” new criminal actors are already positioning themselves to fill the void left by the collapse of BreachForums.