BreachForums, the hacker site that offered MediaWorks data for sale, has been seized by the FBI and international enforcement partners including the NZ Police, according to multiple reports in the US and statements on its site.
“NZ Police assisted the FBI in a coordination capacity but were not involved in actual takedown,” a police spokeswoman said. “We are unable to comment further.”
The site was used by cybercriminals to share, sell and trade data stolen in ransomware attacks - including information stolen in a breach of MediaWorks systems.
On March 15, a hacker group claimed to have MediaWorks data on 2.5 million Kiwis - harvested from online voting for The Block NZ (broadcast by MediaWorks until it sold Three to Warner Bros Discovery in 2020) and various competitions.
Through BreachForums, the hackers sought $30,000 for the data.
But, finding no takers, they made it available for free download in late March.
MediaWorks said it had notified 403,0000 competition entrants about the breach. It said the compromised data did not include credit card details or passwords.
“This is not the first time BreachForums has been shut down by law enforcement but, unfortunately, it seems to have cockroach-like resilience and keeps on coming back,” Brett Callow, a threat analyst with NZ-founded Emsisoft, told the Herald.
“It is a successor to RaidForums, which was shut down by the FBI in 2022, and BreachForums itself was shut down by the FBI in May 2023 after the arrest of the site’s owner a couple of months prior.
“But the fact that the site will likely reappear in the not too distant future doesn’t mean law enforcement have wasted their time.”
The FBI and DOJ have so far declined to comment on the latest raid.
Following the May 2023 raid, the FBI arrested New Yorker Conor Brian Fitzpatrick, then 21, who pleaded guilty to multiple charges.
In January, he was sentenced to 20 years of supervised release. Fitzpatrick was described as the operator of BreachForums. At the time, the US Department of Justice called BreachForums “one of the world’s largest hacker forums”.
After the 2022 operation, RaidForums’ Portuguese founder and chief administrator, Diogo Santos Coelho (then 21), was arrested in the UK.
As of March 2024, he was still fighting his extradition on mental health grounds.
MediaWorks said in an update on its website: “The types of information held in this database and accessed by the attacker include name, date of birth, gender, postal address and/or postcode, email address, phone number, and in some cases images or videos that may have been submitted as part of the entry.”
The breached database did not contain passwords, identity documents, financial information, bank accounts or credit card details, MediaWorks said.
The database was taken offline on March 16, with the compromised data shifted to another system.
MediaWorks was working with Police, the Privacy Commissioner and Cert NZ, and had brought in experts to identify and plug security gaps.
Chris Keall is an Auckland-based member of the Herald’s business team. He joined the Herald in 2018 and is the technology editor and a senior business writer.