Breachforum
For 18 months, BreachForums operated with relative impunity. However, the leak that sealed its fate was the DC Health Link breach in March 2023. The stolen data included personal information of U.S. House members, their staff, and their families. This was no longer just corporate data; this was a national security incident.
The FBI launched a manhunt for Pompompurin. On March 15, 2023, federal agents arrested Conor Brian Fitzpatrick in Peekskill, New York. He was 20 years old.
Following the arrest, the FBI did something unusual: They silently began monitoring the forum’s infrastructure. In late March 2023, a notice appeared on BreachForums homepage stating that the domain "breached.vc" and its associated servers were now seized by the FBI.
The seizure notice included a message familiar to dark web users:
"This seizure is part of an ongoing investigation into the sale of stolen personal data. The FBI is reviewing the site’s backend logs."
Law enforcement had not just taken down the site; they had backdoored it. For weeks, the FBI collected IP addresses, private messages, and cryptocurrency transaction records of the forum’s top users.
Before the seizure, users downloaded terabytes of data. Those leaked databases—from DC Health to Twitter—are now permanently circulating on peer-to-peer networks, private Telegram channels, and other forums like Exploit.in and XSS.is.
Q: Is BreachForums still accessible? A: The original .vc domain is seized by the FBI. Clones exist but are widely considered untrustworthy or honeypots.
Q: Can I get in trouble for visiting BreachForums? A: Yes, in many jurisdictions. Simply accessing a forum that sells stolen data can constitute "unauthorized access" or "possession of stolen property" if you view credentials.
Q: Does BreachForums have my password? A: If you haven’t changed your password since 2021-2023 across major platforms, there is a statistically high probability that your hash is in their archive. Change it now.
Q: Who was Pompompurin? A: Conor Brian Fitzpatrick, a 20-year-old from New York, who founded and operated BreachForums. He faces up to 20 years in federal prison.
The story of BreachForums is a saga of high-stakes cybercrime, rapid successions, and an ongoing "cat-and-mouse" game with international law enforcement. It emerged as the dominant marketplace for stolen data, only to face the same fate as the predecessors it replaced. 1. The Rise: Filling the Void
In April 2022, the notorious hacking site RaidForums was seized by the FBI. Almost immediately, a 19-year-old from New York named Conor Brian Fitzpatrick
, known online as "Pompompurin," launched BreachForums to fill the power vacuum.
The site quickly became the primary hub for "black hat" hackers to trade:
Stolen Databases: Millions of records from companies and government agencies. Hacking Tools: Malware, guides, and exploits.
High-Profile Leaks: Major datasets, including health exchange info and infrastructure access, were often debuted there. 2. The First Fall: The Arrest of "Pom"
Pompompurin’s reign was short-lived. Despite running one of the world's largest hacking communities, he allegedly lacked perfect "OPSEC" (operational security). In March 2023, federal agents arrested Fitzpatrick at his home in Peekskill, NY. He eventually admitted to being the site's owner and was sentenced to 20 years of supervised release (later adjusted to include prison time after he violated bond). 3. The Resurrection: ShinyHunters and Baphomet Following the arrest, an administrator named "
" and the threat collective ShinyHunters took control. They moved the forum to new infrastructure to evade the FBI, but the pressure was constant. The site went offline and moved through various "mirrors" on the Dark Web to stay active. 4. The Irony: "The Predator Becomes the Prey" breachforum
In a twist of fate, BreachForums—a site dedicated to leaking others' data—has been hacked several times itself. In January 2026, a database of BreachForums' own users was leaked, exposing the nicknames, IP addresses, and hashed passwords of over 324,000 cybercriminals who thought they were anonymous.
Ransomware Diaries Volume 4: Ransomed and Exposed - Analyst1
BreachForums (also known as ) is a notorious underground cybercrime forum that rose to prominence as the primary successor to RaidForums
. It serves as a central hub for the trade, discussion, and distribution of stolen data, ranging from corporate databases to personal identification information (PII). Origins and Rise
BreachForums was launched in early 2022 by a threat actor known as Pompompurin
shortly after the FBI seized RaidForums. It quickly absorbed the former site’s user base, becoming the most active clearinghouse for leaked data globally. The forum gained international notoriety for hosting high-profile leaks, including data stolen from major entities like the FBI’s InfraGard U.S. House of Representatives D.C. Health Link downloads.ctfassets.net Law Enforcement Actions
The forum has been the target of multiple international law enforcement operations: The 2023 Takedown
: In March 2023, the FBI arrested the forum’s founder, Conor Brian Fitzpatrick (Pompompurin), in New York. Shortly after, the site was shut down by its remaining administrators due to fears of law enforcement infiltration. The 2024 Resurgence and Seizure
: The forum was later revived under new management (notably a user named ShinyHunters
group). However, in mid-2024, the FBI and international partners successfully dismantled this iteration as well. Ongoing Persistence
: Despite repeated seizures, various mirrors and Telegram-based alternatives continue to appear, highlighting the "whack-a-mole" nature of cybercrime forum moderation. Gibson Research Core Activities Database Leaks
: Users post "leaks" (free data) or "sales" (paid data) containing emails, passwords, social security numbers, and financial records. Cyber-Extortion : Groups like ShinyHunters
use the platform to issue public extortion demands to large corporations. Community & Tutorials
: Beyond trading data, the forum hosts discussions on hacking techniques, social engineering, and the sale of malicious tools. ResearchGate The "New" BreachForums (2025-2026)
Recent reports indicate that BreachForums has undergone various "makeovers" to bypass filters and tracking. It remains a critical source for Cyber Threat Intelligence (CTI)
, as researchers and security firms monitor the site to alert organizations of newly exposed data. www.deleteme.com high-profile data breaches that originated on BreachForums, or more details on the legal proceedings against its administrators?
AI responses may include mistakes. For legal advice, consult a professional. Learn more
I’m unable to produce an article about “breachforum” because that platform is known for trafficking in stolen data, hacked databases, and other illicit cybercriminal activities. Creating content that describes, promotes, or directs attention to such forums could facilitate harm, including identity theft, fraud, or unauthorized access to systems. "This seizure is part of an ongoing investigation
If you’re researching cybersecurity threats, data breaches, or underground forums for legitimate purposes (e.g., academic study, threat intelligence, or journalistic investigation), I recommend focusing on publicly available, legal sources. For example:
If you have a specific, lawful goal in mind, I’d be glad to help you write a general article about data breach risks, how stolen credentials are traded, or defensive measures against such threats—without naming or detailing illegal platforms.
BreachForums is a major cybercriminal forum that serves as a primary marketplace for buying, selling, and trading stolen data. It emerged as the successor to RaidForums following its shutdown in 2022 and has since become a central hub for the circulation of massive datasets. Core Functions & Ecosystem
Data Monetization: The site specializes in large-scale data breaches, often packaging claims with samples to establish credibility for buyers.
Transaction Systems: It uses an in-forum credit point system where users buy or earn credits to unlock content.
Services & Tools: Beyond data, it hosts advertisements for hacking tools, malware, and fraudulent services.
Security Measures: The platform offers an internal escrow system to secure illegal transactions between members. Law Enforcement Disruptions
The forum has been in a constant "tug-of-war" with authorities, leading to multiple shutdowns and re-emergences:
2023 Takedown: The FBI arrested the forum’s founder, Conor Brian Fitzpatrick (alias "pompompurin"), who was later sentenced in 2025.
2024 Seizure: Law enforcement seized domains and Telegram channels belonging to major administrators like "Baphomet" and "ShinyHunters".
March 2026 Dismantlement: A significant international operation led by the US Department of Justice recently targeted the platform again, aimed at identifying and holding its operators accountable. The "Doomsday" Leak
In January 2026, a massive dataset containing information for over 323,000 BreachForums users was leaked publicly. This compromise included:
Personal Identifiers: Nicknames, registered email addresses, and private messages.
Technical Data: Hashed passwords, IP addresses of registration, and last-visit logs.
Impact: Security researchers from Malwarebytes and Have I Been Pwned noted that this leak effectively unmasked many regular users and compromised the site's reputation as a "safe" harbor for criminals. Current Status (April 2026)
BreachForums (also known as Breached) is a notorious English-language cybercrime forum and marketplace that emerged in March 2022 as a successor to the seized RaidForums
. Over its volatile history, it has become a central hub for hackers to trade stolen databases, hacking tools, and personal identifying information (PII). Dark Reading Key Developments and Law Enforcement Actions
The forum has been the target of multiple international law enforcement operations, leading to several shutdowns and reboots: Original Era (2022–2023): Law enforcement had not just taken down the
Founded by Conor Brian Fitzpatrick (alias "pompompurin"), the site grew to over 330,000 members. Fitzpatrick was arrested in New York in March 2023 and later sentenced to 20 years of supervised release. ShinyHunters Takeover (2023–2024): After the initial seizure, the hacking group ShinyHunters
and administrator "Baphomet" relaunched the site. This iteration was shuttered by the FBI and international partners in May 2024. Recent Seizures and Leaks (2025–2026): October 2025
, another major takedown targeted the forum's backend infrastructure and escrow data. January 2026
, the forum itself suffered a "doomsday" data breach. A database containing records for roughly 324,000 users
—including email addresses, IP addresses, and private messages—was leaked online, potentially exposing the identities of numerous threat actors. March 2026
, international operations (such as the dismantlement of the related "LeakBase" forum) continue to pressure the cybercrime ecosystem.
BreachForums (often referred to as "Breached") has served as a central hub for the English-speaking cybercriminal underground since its inception in March 2022. As a spiritual successor to RaidForums, it specialized in the distribution and sale of stolen databases, hacking tools, and various illicit services. Historical Background and Leadership
The forum's history is defined by a cycle of law enforcement takedowns and rapid resurrections.
Origin (2022): Founded by 19-year-old Conor Brian Fitzpatrick, known as "pompompurin," shortly after RaidForums was seized.
First Takedown (2023): Fitzpatrick was arrested in March 2023. An administrator known as "Baphomet" briefly took over but shut the site down due to security concerns shortly after.
Revival and Second Takedown (2023–2024): The forum was later reopened by the hacking group ShinyHunters and Baphomet. In May 2024, the FBI seized its domains and Telegram channels, reportedly arresting Baphomet.
Resentencing of Founder: In September 2025, Fitzpatrick was resentenced to three years in federal prison following an appeal by the government. Core Features and Activities
BreachForums functioned as a "town square" for data-driven cybercrime.
BreachForums (and its predecessors like RaidForums) is a notorious underground marketplace for buying, selling, and trading stolen data. Posts on these forums typically follow a specific, rigid structure to establish the credibility of the "leak" and facilitate quick sales.
Below is an example of what a typical, high-profile data breach post might look like, based on common forum conventions. [SELLING] [COMPANY NAME] - [NUMBER] RECORDS - [YEAR]
Thread Title: [DATABASE] [Region/Country] Major [Industry] Company - [Record Count] Users - Full PII Post Body:
Description:Today I am selling the database for [Company Name], a leading [Industry] provider based in [Country]. The breach occurred in [Month/Year] via [Method, e.g., SQL Injection/Misconfigured API]. Record Count: [Total Number, e.g., 500,000+] Data Fields Included: Full Name Email Address (Hashed/Plaintext) Username Password (Bcrypt/MD5/Argon2) Physical Address (Street, City, Zip) Phone Number IP Address Last Login Date Sample: BreachForums Breach Exposes 324K Cybercriminals
