The French police have reportedly arrested five operators of the BreachForums cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions.
News of the arrests comes from Le Parisien, which claims the law enforcement operation was carried out by the cybercrime unit (BL2C) of the Paris police department on Monday.
According to reporters, the police carried out simultaneous raids in the regions of Hauts-de-Seine (Paris), Seine-Maritime (Normandy), and Réunion (overseas).
During this action, they arrested four hackers known online by the handles “ShinyHunters,” “Hollow,” “Noct,” and “Depressed.”
For months, rumors circulated that another well-known threat actor, “IntelBroker,” had also been arrested. Le Parisien reports that IntelBroker was also arrested by French authorities in February 2025.
The BreachForums hacking forums have gone through numerous iterations over the years, but they have acted as a community for cybercriminals to trade, sell, and leak stolen data, as well as sell access to corporate networks and other illegal cybercrime services.
In 2023, the original BreachForums shut down after its operator, Conor Brian FitzPatrick (aka Pompompurin), was arrested.
Soon after, other threat actors in the community launched BreachForums v2, which was led by threat actors known as ShinyHunters, Baphomet, and, later, IntelBroker.
The five threat actors that were arrested were reportedly involved in the operation of this new launch of the site.
ShinyHunters and IntelBroker were admins/owners of the site, and archived posts show Hollow acting as a moderator. It is unclear what involvement “Depressed” and “Noct” had in the operation of the site.
Those cybercriminals are accused of having direct involvement in data breaches against French entities like Boulanger, SFR, France Travail, and the French Football Federation.
The attack against France Travail (formerly Pôle Emploi) was particularly notable for compromising the sensitive details of an estimated 43 million individuals.
IntelBroker rose to notoriety for his involvement in highly publicized breaches at Europol, General Electric, Weee!, AMD, HPE, Nokia, and Cisco. However, the threat actor entered the spotlight after breaching DC Health Link, the organization that administers the health care plans of U.S. House members, their staff, and their families.
ShinyHunters is the most notorious among those arrested, as the alias has been linked to multiple high-profile data breaches and attacks, including those against Salesforce and PowerSchool, and the Snowflake attacks, which impacted Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, and Cylance.
The ShinyHunters threat actors have also been involved in a large number of breaches in 2025, with the group believed to consist of multiple threat actors operating under the same name.
BreachForums v2 went offline in April 2025 after the site was allegedly breached through a MyBB zero-day vulnerability. The forum never returned online.
BleepingComputer has contacted the Paris police and ANSSI to comment on the validity and accuracy of the reports, but we have not received a response yet.