The story of BreachForums is a cycle of rise, fall, and resurrection that has defined the English-speaking cybercriminal underground since 2022. Emerging from the ashes of RaidForums, it quickly became the premier clearinghouse for stolen data, only to be repeatedly dismantled by law enforcement and internal betrayal.
1. The Rise of the Successor (March 2022 – March 2023)
Following the April 2022 seizure of RaidForums and the arrest of its admin "Omnipotent," a user named Conor Brian Fitzpatrick (known as "pompompurin") launched BreachForums. It mirrored RaidForums' structure, allowing hackers to buy, sell, and trade contraband like stolen identities, hacking tools, and leaked databases. It exploded in popularity, filling the void left by its predecessor almost instantly.
2. First Collapse & Shift (March 2023 – May 2024)
The first major blow came in March 2023 when the FBI arrested Fitzpatrick in New York.
Succession Crisis: After Fitzpatrick's arrest, an administrator named "Baphomet" briefly took over. However, citing concerns that the forum's infrastructure was compromised, Baphomet shut down the original site on March 21, 2023.
The ShinyHunters Era: In mid-2023, the notorious extortion group ShinyHunters teamed up with Baphomet to relaunch BreachForums. This version became famous for hosting high-profile leaks, including data from Dell and potentially Live Nation/Ticketmaster.
3. Law Enforcement Strikes Back (May 2024 – Late 2025)
In May 2024, an international law enforcement operation led by the FBI seized the BreachForums domain and its associated Telegram channel.
Admins Targeted: Reports indicated Baphomet was arrested during this time, and the FBI used his Telegram account to send messages to the community.
Persistence: Despite the seizure, the forum resurfaced weeks later under ShinyHunters' administration. However, constant pressure from French and US authorities led to further disruptions, including the arrest of multiple administrators in 2025.
4. The "Doomsday" Breach & Recent Reboots (2026)
The story took an ironic turn in January 2026 when the forum itself was breached.
BreachForums is a notorious English-language cybercrime forum and marketplace primarily used for buying, selling, and trading stolen data. Since its inception in March 2022, it has served as a central hub for threat actors, initial access brokers, and ransomware operators.
Historical Overview
Origin: Launched in March 2022 by an individual known as "pompompurin" (Conor Brian Fitzpatrick), it was designed as a successor to RaidForums, which had been seized by law enforcement earlier that year.
Expansion: The forum quickly grew to over 330,000 members, offering access to more than 14 billion individual records of personally identifying information (PII) across hundreds of datasets.
Law Enforcement Actions:
2023: The forum’s creator, Conor Fitzpatrick, was arrested in March 2023. This led to a temporary closure and a leadership transition to an administrator known as "Baphomet".
2024-2025: The FBI and DOJ have seized various BreachForums domains and Telegram channels multiple times. In May 2024, law enforcement reportedly arrested "Baphomet".
Ongoing Presence: Despite these seizures, new iterations of the forum have frequently reappeared under different administrators, such as "ShinyHunters" and "Hasan".
Primary Activities
The Digital Black Market: The Rise, Fall, and Resilience of BreachForums
BreachForums emerged as a critical node in the underground cybercrime economy, serving as a primary marketplace for stolen data until its disruption by international law enforcement. Often viewed as the spiritual successor to the notorious RaidForums, it highlights a persistent cycle in cybersecurity: the rapid emergence of new illicit platforms to fill the vacuum left by the takedown of their predecessors.
The Evolution of BreachForums
Succession and Origins: After the seizure of RaidForums by authorities, BreachForums quickly rose to prominence on the dark web. It became a hub where hackers and data brokers could trade, sell, or leak massive datasets acquired through corporate and government breaches.
Key Figures and Leadership: The forum was initially led by an individual known as "Pompompurin". Even after Pompompurin's arrest in 2023 on charges of conspiracy to commit computer fraud, the site briefly continued under new management before its eventual seizure by law enforcement agencies in May 2024.
Impact on Global Cybersecurity
BreachForums facilitated some of the most significant data leaks and cyber incidents in recent years:
Major Corporate Breaches: The forum gained international attention when actors like ShinyHunters claimed responsibility for massive leaks, such as the Ticketmaster breach involving the personal data of approximately 560 million customers.
Strategic Leaks: In January 2023, a user posted the source code for several services of , a major Russian technology conglomerate, illustrating the forum's role in the dissemination of high-value intellectual property.
Geopolitical and Social Risks: Leaks hosted on the platform, such as the targeting of specific ethnic or religious groups in the BreachForums breach, have been cited by experts and lawmakers as posing direct risks to physical safety and national security.
Law Enforcement and the "Whack-a-Mole" Challenge
The history of BreachForums underscores the "disruption" strategy currently favored by global policing.
Disruption over Arrest: Law enforcement has shifted toward seizing website domains and Telegram channels to dismantle criminal infrastructure, recognizing that arrests in "soft jurisdictions" are often difficult to execute.
Systemic Resilience: Despite the arrest of its founders and the seizure of its domains, the underground economy remains resilient. New platforms often appear within weeks, reflecting an adaptable ecosystem where criminals see cybercrime as a low-risk, high-payout alternative to physical crime.
Conclusion
BreachForums represents more than just a website; it is a symptom of a larger, evolving cybercrime landscape. While its seizure was a tactical victory for law enforcement, the forum's legacy serves as a reminder that as long as personal and corporate data remains a valuable commodity, digital marketplaces will continue to emerge, requiring constant vigilance and international cooperation to combat.
What is BreachForums?
BreachForums is an online community and marketplace where individuals share and discuss information related to data breaches. The platform allows users to buy, sell, and trade stolen data, including personally identifiable information (PII), login credentials, and other sensitive data.
BreachForums: The Hub of the Modern Data Underground
BreachForums has emerged as one of the most prominent and resilient English-language cybercrime marketplaces, filling the power vacuum left by its predecessor, RaidForums. Specializing in the distribution of stolen databases, leaks, and credentials, the platform serves as a critical junction for threat actors, security researchers, and law enforcement.
Origins and Evolution
BreachForums was established in April 2022 by an individual known as "Pompompurin" shortly after the FBI seized RaidForums. Designed to mimic its predecessor's layout and functionality, it quickly became the primary destination for trading "leaks"—stolen data ranging from personal identifiable information (PII) to sensitive government documents.
Key Functionality: The forum facilitates the buying and selling of data using a credit-based system, often requiring users to contribute to the community to unlock premium content.
Arbitration: Like other major criminal forums, it includes dedicated "arbitration rooms" to resolve disputes between buyers and sellers, an attempt to maintain a level of trust within a criminal ecosystem.
High-Profile Impact and Notorious Leaks
The platform gained international notoriety for hosting some of the largest data breaches of the decade.
Ticketmaster Breach (2024): In May 2024, threat actors posted a massive cache of data allegedly belonging to 560 million Ticketmaster customers. The listing included 1.3 terabytes of data, featuring credit card numbers and ticket sales details, with an asking price of $500,000.
Taiwanese Government Leaks: The forum has also been used for geopolitical purposes, such as the distribution of alleged (and sometimes forged) Taiwanese government documents intended to spread disinformation.
Law Enforcement Battles and Leadership Shifts
BreachForums has been the target of intense international law enforcement operations.
Seizures: The FBI and international authorities have seized the forum's domains on multiple occasions, notably in 2023 following the arrest of its original founder.
Resilience: Despite these takedowns, the forum has frequently reappeared under new domains and leadership. In 2024, an individual known as "Rey" took over as administrator of the most recent incarnation, often associated with the hacking group ShinyHunters.
The Role of ShinyHunters and Modern Threats
Recent activity on BreachForums is heavily tied to the group ShinyHunters, which uses the platform to extort companies. The group has been linked to major breaches involving Snowflake cloud storage, affecting high-profile clients like Ticketmaster and Santander. Beyond simple sales, the forum now acts as a recruitment ground for "insiders," employees at large corporations willing to share network access for a share of ransom payments.
Conclusion
BreachForums represents the "evolution of the integrated advanced persistent threat" in the digital age. Its ability to recover from law enforcement interventions highlights the persistent demand for a centralized hub in the cybercrime economy. For businesses, the forum serves as a grim barometer for data security, where the exposure of billions of records has become a recurring "crisis".
BreachForums rose from the ashes of RaidForums, a notorious English-language cybercrime forum that was seized by international law enforcement in April 2022. Where RaidForums left a void, BreachForums quickly filled it.
Launched by a prominent actor known as "pompompurin," the forum was designed to be a dedicated space for buying, selling, and trading leaked data. Unlike "dark web" forums that require special browsers like Tor, BreachForums initially operated on the clear web, making it highly accessible and dangerously influential.
In the world of cybersecurity, few names have caused as much turbulence in recent years as BreachForums. Acting as the spiritual successor to the seized RaidForums, BreachForums became the internet’s premier marketplace for stolen data, databases, and access credentials.
From its inception in 2022 to its dramatic seizure by the FBI in 2023—and its subsequent resurrections—BreachForums represents the "Whack-a-Mole" nature of modern cybercrime enforcement.
In the shadowy corridors of the Dark Web, few names have commanded as much fear, respect, and scrutiny as BreachForums. Emerging from the ashes of the legendary RaidForums, this cybercrime haven quickly became the epicenter of data leaks, credential dumps, and illicit trading. However, its journey has been a volatile rollercoaster of law enforcement takedowns, betrayals, and resurrection attempts.
This article dissects the history of BreachForums, its operational mechanics, the legal takedowns, its current status, and what its existence means for enterprise cybersecurity.
Security experts predict that version 3.0 of BreachForums will eventually be seized as well. The FBI has proven its ability to infiltrate even the most paranoid communities. However, as one moderator on the new forum recently wrote in a farewell post before quitting: "You can kill the site, but you can't kill the idea. There will always be a BreachForums. It's just a matter of what domain it's on next week."
For now, the forum lives on—a digital black market that has become as resilient as the malware it helps spread.
Disclaimer: Accessing BreachForums or engaging in the purchase or sale of stolen data is illegal in most jurisdictions. This article is for informational and educational purposes only regarding cybersecurity threats.
BreachForums is a high-profile cybercrime forum known for the trade of stolen databases, hacking tools, and corporate access. Since its inception, it has faced a continuous cycle of law enforcement seizures and subsequent resurrections under different administrators and domains.
Current Operational Status (as of April 2026)
The forum's status is highly volatile due to competing claims of takedowns and reboots:
Recent Activity: As of April 19–21, 2026, threat actors (allegedly affiliated with ShinyHunters) have been using the forum to list stolen data from high-profile breaches, such as a $2 million ransom demand for data from the cloud platform Vercel.
Infrastructure Disruptions: In March 2026, the non-profit CCITIC claimed to have disrupted the site by deactivating its upstream servers in Frankfurt.
Internal Data Leaks: In January 2026, a database containing details for over 320,000 forum users was leaked online, exposing usernames, IP addresses, and private messages.
Historical Timeline of Major Events
BreachForums: The Resilient Town Square of Cybercrime
BreachForums stands as a pivotal yet volatile landmark in the modern cybercriminal landscape, serving as a primary "town square" for the sale and distribution of stolen data. Launched in 2022 to fill the void left by the seizure of RaidForums, it has become a textbook example of the resilience and persistent nature of underground criminal ecosystems.
Historical Context and Evolution
Marketplace: BreachForums provides a platform for users to
BreachForums emerged as the spiritual successor to RaidForums, which was seized by U.S. authorities in early 2022.
Rapid Growth: By March 2023, the platform had amassed over 340,000 registered users, positioning itself as a cornerstone of the "cybercrime-as-a-service" model.
Key Players: Its alleged founder, Conor Brian Fitzpatrick (alias Pompompurin), was arrested in 2023 and subsequently sentenced to prison.
Leadership Cycles: Following Fitzpatrick's arrest, the administrator known as took control, followed by others as law enforcement continued to target the site's infrastructure.
A Cycle of Takedowns and Resurrections
The forum is defined by its ability to survive repeated law enforcement actions.
Multiple Seizures: U.S. authorities and international partners have seized BreachForums' domains and servers multiple times, including major operations in 2023, 2024, and late 2025.
Infrastructure Shifts: Each takedown often leads to a brief period of instability followed by a relaunch under new domains (such as ) or different administrators, often linked to the ShinyHunters hacking collective.
Allegations of Infiltration: The frequent reappearances have sparked paranoia within the community, with some users accusing operators of being law enforcement informants or "honeypots".
The "Doomsday" Leak and Decline of Anonymity
In January 2026, the forum suffered a catastrophic data breach of its own, exposing the very individuals who used it to trade stolen information.
BreachForums has emerged as a cornerstone of the English-language cybercriminal underground, serving as a primary marketplace for the sale and exchange of stolen data. Despite frequent law enforcement interventions, the site has repeatedly "resurrected" through new administrators and infrastructure.
History and Origins
Successor to RaidForums: BreachForums was launched in March 2022 as a replacement for RaidForums after the latter was seized by international law enforcement.
The "Pompompurin" Era: The first iteration was run by Conor Brian Fitzpatrick (known as "pompompurin"). Under his leadership, the forum grew to over 330,000 members before his arrest in March 2023.
Second Generation: Following Fitzpatrick's arrest, the forum was briefly shuttered but revived in 2024 by the group ShinyHunters and an administrator known as
Key Activities and Impact
The forum functions as a "town square" for threat actors to trade illicit goods:
High-Profile Breaches: It gained notoriety for hosting data from massive breaches, including companies like (70 million users) and alleged leaks from Ticketmaster (560 million users).
Stolen Datasets: As of mid-2025, the forum offered access to over 14 billion individual records of Personal Identifying Information (PII) across nearly 900 datasets.
Marketplace Services: Beyond raw data, users trade Initial Access Broker (IAB) credentials, malware, and specialized hacking tools.
The "Hacker vs. Hacker" Dynamics
BreachForums has ironically become a victim of the very activity it facilitates:
The cat-and-mouse game continues. As of 2025, the following trends are emerging regarding BreachForums:
Decentralization:
The future may not be a single forum but a federated network (Matrix/Telegram groups). Telegram has already absorbed much of the user base due to its end-to-end encryption and resistance to seizure.
AI-Generated Leaks:
Threat actors are beginning to use LLMs (Large Language Models) to parse raw stolen data and produce "credential stuffing lists" automatically. BreachForums v1 was manual; v3 will likely be automated.
Law Enforcement Infiltration:
The success of Operation Cookie Monster proved that the FBI can sit inside these forums for years. New forums will emerge, but trust is permanently broken. Many fear the next "Pompompurin" is already working for the government.
The golden age of BreachForums was short-lived. On March 21, 2023, the FBI and international partners seized the domain. Visitors to the site were greeted with a seizure banner and a message stating that the site had been taken down as part of an international law enforcement operation.
Shortly after the seizure, the forum's owner, Conor Brian Fitzpatrick (pompompurin), was arrested in New York. He was charged with conspiracy to commit access device fraud and possession of child pornography (stemming from content posted by users). In early 2024, Fitzpatrick pleaded guilty and faced significant prison time, marking a major victory for federal prosecutors.