Cybersecurity

BreachForums says it will shut down permanently after alleged admin arrested

Who breached the breachers? Spoiler: It’s feds.

Fangxianuo/Getty Images

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

BreachForums—the infamous board that threat actors used to advertise stolen data—has abruptly shut down after the March 15 arrest of its alleged administrator, Conor Brian Fitzpatrick (aka “Pompompurin”).

According to Hacker News, current administrator “Baphomet” wrote in a BreachForums channel that they “will be taking down the forum, as I believe we can assume that nothing is safe anymore.” Baphomet added that while they understood some users would be upset by the sudden termination of services, the decision was a tradeoff against a “long-term loss by propping up Breached as it is.” Brett Callow, a threat analyst at security firm Emsisoft, separately tweeted an encrypted email from Baphomet to BreachForums users explaining his suspicions that unknown parties—“glowies,” a term often referring to federal authorities—had gained unauthorized access to an “old CDN server” on March 19.

Bloomberg reported that federal and local investigators arrested Fitzpatrick at his home in Peekskill, New York, on March 15 and charged him with a single count of conspiracy to commit access device fraud. Fitzpatrick was subsequently released on bond. Attorney Benjamin Gold, who represented Fitzpatrick in court, didn’t immediately respond to a request for comment from IT Brew.

Few details were available in an affidavit filed by an FBI agent working the case, other than Fitzpatrick allegedly admitting he was the person behind the Pompompurin account after his arrest.

Bloomberg reported that multiple sources said Fitzpatrick was the target of an investigation that lasted more than a year. Allan Liska, a senior intelligence analyst at cybersec firm Recorded Future, told the news agency that BreachForums was “one of, if not the most active hacker forums out there,” and originally arose as a successor to RaidForums, which shut down under a similar police crackdown in 2022.

While it is inevitable that yet another contender will emerge, prospects for the site’s users are less clear. Cybercrime forum busts often result in authorities gaining access to information that can identify users involved in illegal activities. After the fall of the Silk Road dark web market, alleged drug dealers across the globe faced charges.

“Quite a few of them now will be sweating…as to what their OPSEC was good enough, or whether the FBI will be kicking in their doors next,” Callow told the Washington Post. “It’s a valid concern. We don’t know how deeply the operation was compromised before the arrest of the admin. We don’t know what information the FBI may have gathered off that arrest or disruptions that may lead to.”—TM
