French Police Bust BreachForums Organizers: “ShinyHunters,” “IntelBroker” & Others Arrested in Major Cybercrime Crackdown
The French police have carried out a sweeping operation targeting the organizers of the infamous cybercriminal forum BreachForums, which in recent years had become a major hub for the trafficking of stolen data. According to Le Parisien, officers from the Cybercrime Fighting Unit (BL2C) arrested several individuals involved in the operation of the platform.
French media reports indicate that arrests took place in the suburbs of Paris, in Normandy, and on the island of Réunion. Among those detained were users known by the aliases “ShinyHunters,” “Hollow,” “Noct,” and “Depressed.” The forum’s main operator, who went by the moniker “IntelBroker,” had already been apprehended by French law enforcement in February of this year—an event that only recently came to light.
This latest wave of arrests effectively marks the end of the relaunched BreachForums, which emerged after the original site was taken down in 2023. That year, the platform’s founder, Connor Brian Fitzpatrick—known online as “Pompompurin”—was arrested in the United States. Almost immediately thereafter, other cybercriminals, including ShinyHunters, Baphomet, and IntelBroker, revived the forum under a new iteration.
ShinyHunters is among the most notorious figures in the cybercriminal underground. The alias has been linked to numerous high-profile data breaches involving international corporations such as Salesforce, PowerSchool, and SnowFlake. More recent attacks targeted giants like Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, and Cylance. Experts suggest that “ShinyHunters” is not a single individual but rather a collective operating in coordination.
The second iteration of BreachForums was effectively dismantled in April 2025, when the site was reportedly hacked through a vulnerability in the popular MyBB forum software. Since then, the platform has not resumed operation.
Authorities associate the arrested individuals with several high-impact cyberattacks against French companies and government entities. Notable victims include the electronics retailer Boulanger, telecom provider SFR, the national employment agency France Travail (formerly Pôle Emploi), and the French Football Federation. Of particular concern was the breach of France Travail, in which data on nearly 43 million citizens may have been compromised.
Thus far, French officials have refrained from publicly commenting on the arrests. The National Cybersecurity Agency of France (ANSSI) has also withheld statements on the matter.
