Breached[.]Fi Domain Hijacked by Insider Leaking ID, Password and IP Addresses

• A new member of the Breached[.]fi forum claimed that they hijacked and leaked stored data
• A platform member going by the alias ‘krekti’ leaked email, password, login data and more
• The forum was reopened by the owner Anastasia who had tried to sell and close the market place earlier

The controversial dark web domain Breached[.]fi allegedly suffered a breach by an insider. According to threat intelligence reports, a member claimed that they hijacked the domain and leaked ‘sensitive’ information. 

The platform has been associated with BreachForums[.]st which has been in the news for shutting down on April 15 and its revival thereafter.

A threat intelligence report shared the below screenshot of the message posted by the member going by the alias ‘krekti.’

Breached[.]fi reflected a message with all the details that were accessed and exposed including emails, passwords, IP addresses, login credentials, user metadata and more.

The user joined the platform in April 2025 leading to suspicion over their real identity and history. It also leaves room for speculation over other covert activities from their original account.

Alon Gal, Co-Founder & CTO at Hudson Rock shared a screenshot of a message posted later that read, "Sorry for the downtime! The owner was resignated and were are looking for new owner.”

The dark web member targeting the platform could be a result of internal conflict or a prank to draw attention from a new member. 

Researchers expressed doubts over the legitimacy of the platform itself with some calling it a scam. 

Similar to this, the platform BreachForums was in the news for attempts of revival before finally being taken down by the FBI. The owner Anastasia left messages assuring that the forum will be accessible on 23 April, 2025.

The platform was then targeted by the Dark Storm Team with DDoS attacks which left it inaccessible.

Giving up, Anastasia offered to sell the site data for $2000. Anastasia’s Telegram handle was taken over with a message that read, “This Telegram is under the control of the FBI.”

Two days ago, another member claimed that the BreachForums was up and active again with recent activities pertaining to cybercrime reflecting throughout the platform.