European law enforcement has shut down RaidForums, a long‑running international hacker forum that hosted a broad range of stolen data from Russia and Belarus. The seizure followed a coordinated effort by Europol and security partners, signaling another step in the ongoing battle against cybercrime in North America and Europe.
Reports from security researchers indicate that RaidForums became largely unusable after administrators appeared to show publicly supportive positions toward Ukraine while blocking access for Russian IPs. In this tense environment, attackers and data brokers accelerated the publication of databases tied to Russian and Belarusian individuals, with Group-IB noting that roughly 100 databases were circulated from multiple regions.
Among the leaked datasets were records tied to a diverse group of sectors, including a major fitness network, an online retailer, a postal service, a mobile carrier, a transportation company, a bank, and a dating platform. Some of the released information proved noisy or partially compiled, which is often the case with open database dumps that include mix-and-match data from different sources.
One notable incident involved an express delivery operator operating across the Russian Federation and the Commonwealth of Independent States, where the data dump drew attention for the sheer volume of personal details. Shortly after, chatter about RaidForums’ domain surfaced in the forum’s Telegram group, followed by a cascade of deleted messages as administrators attempted to control the situation and minimize exposure. Group-IB later confirmed that the forum had been compromised and subsequently taken offline, marking a rare victory for investigators in the evolving cybercrime landscape.
RaidForums began life in 2015 and gained a reputation as one of the world’s most expansive hacker marketplaces. It connected buyers and sellers who traded stolen user credentials, including passwords and login details, as well as personal identifiers such as full names, addresses, phone numbers, emails, and copies of IDs, passports, and driver’s licenses. The site cultivated a large audience, reportedly attracting hundreds of thousands of users, and became a notable source of data for identity theft and targeted fraud campaigns across multiple regions, including Canada and the United States.
In a broader context, law enforcement and cybersecurity professionals have repeatedly warned about the risks posed by such forums. They drive cybercrime by streamlining access to sensitive information and enabling rapid monetization of stolen data. The RaidForums closure follows prior episodes where hacker collectives, including those associated with the Anonymous movement, publicly escalated cyber activities in response to geopolitical events in Ukraine. The evolving threat landscape continues to push digital risk into the daily lives of consumers and businesses alike, prompting ongoing investments in detection, response, and user education across North America.