OCT 12, 2025
Part 2: Victory and Vow
FBI Seizes Extortion Hub, But ShinyHunters Vows to Continue Leaks
The heated battle between law enforcement and the Scattered LAPSUS$ Hunters hacking alliance just had a major moment.
On October 10, 2025, the U.S. Federal Bureau of Investigation (FBI), working with French authorities, officially seized the BreachForums domain used by the hackers to run their public extortion campaign. This site, previously a marketplace for stolen data, had been rebooted as the leak portal for data stolen from Salesforce customers.
This is a direct continuation of the story we reported on previously, and this news is based on reporting from outlets like eSecurity Planet and BleepingComputer.
What The FBI Did: Hitting the Hackers’ Home Base
The seizure of the domain breachforums[.]hn is a huge win for law enforcement. Here is what happened:
- Domain Takeover: The FBI and French authorities changed the domain’s DNS name server records to point to servers they control. This is like changing the locks on the front door. Now, anyone who visits the site sees an official seizure notice instead of a threat.
- Stopping the Leak: This action was timed perfectly, happening just before the Scattered LAPSUS$ Hunters group was scheduled to release the huge cache of stolen Salesforce data (over a billion records) from companies like FedEx, Toyota, and UPS. The takedown prevented an immediate, catastrophic public data dump.
- Infrastructure Seizure: It wasn’t just the front door. ShinyHunters publicly confirmed that the FBI and French authorities gained access to their backend servers, seizing all backup and escrow databases — some dating all the way back to 2023.
The Hackers’ Response: “The Era of Forums is Over”
Did this stop the hackers entirely? Not yet. But it definitely caused a huge disruption:
- ShinyHunters Confirms Loss: In a public message, a member of ShinyHunters admitted the loss, stating: “The era of forums is over.” This suggests they believe traditional, open hacking sites are now too easily infiltrated or seized by global law enforcement and are no longer a safe place for their operations.
- A Warning to Other Criminals: The group declared they will not try to reboot BreachForums again. They warned other cybercriminals that such sites are now likely “honeypots” — traps set by law enforcement to catch new users.
- The Vow to Continue: Despite the loss of their public platform, the group is insisting the Salesforce extortion campaign is still active. They claim the seizure did not disrupt their core operations and vowed to continue leaking stolen data from the companies that refuse to pay the ransom. This means they are likely moving their operations completely to the dark web or highly encrypted channels like Telegram.
A Never-Ending Battle
The FBI’s seizure is a major victory because it denied the hackers their main public stage and prevented the immediate public leak of millions of user records.
However, the event also shows how hard it is to completely stop these groups. The hackers, who are often a mix of people like ShinyHunters, Scattered Spider, and Lapsus$, are highly adaptable. They simply move to a new platform or a new channel and continue their work.
For organizations, this is a clear lesson: Law enforcement can clean up the public mess, but it can’t protect your company data for you. The only real defense is to have stronger security right from the start.
As always, the battle continues. We’ll keep watching this story as the hackers make good on their threat to leak data elsewhere.