U.S. and French law enforcement replaced the BreachForums clearnet domain with a seizure banner, disrupting a forum used to publish stolen data and coordinate extortion. The action occurred hours before a hacking group threatened to release data it said was stolen from Salesforce and dozens of customers; authorities say disruption hampers extortion channels though activity may persist on darknet and messaging platforms.

Federal Bureau of Investigation teams working with French cyber-crime authorities executed a seizure of BreachForums' clearnet domain, posting a law-enforcement banner and interrupting a major public channel used by threat actors to host stolen datasets and coordinate extortion. The operation coincided with a looming threat by a hacking group — reported to include Scattered Spider-aligned actors — claiming to possess data from Salesforce and multiple corporate customers. Authorities stated the domain seizure disrupts a central data-extortion pipeline and complicates immediate public dissemination of the targeted files; however, they cautioned that actors often pivot to alternative infrastructure such as darknet marketplaces, Tor-hosted sites, and encrypted messaging channels like Telegram. Law-enforcement officials emphasized continued investigation into actors responsible for the alleged intrusions and urged organizations to follow incident-response protocols, notify affected parties, and monitor for secondary disclosures. The takedown underscores transnational cooperation to combat large-scale data theft and extortion, while acknowledging persistent operational resilience among criminal networks.