BreachForums Now

Purpose: Quickly assess and contextualize leaked datasets to help researchers and defenders prioritize incident response and remediation.

In the cybersecurity world, taking down a forum is often akin to cutting off the head of a hydra. Almost immediately after the seizure, splinter groups and copycats attempted to revive the community.

Various mirrors and "BreachForums 2.0" sites appeared, run by former administrators and rival actors. However, these successors have struggled with credibility issues, internal drama, and constant DDoS attacks, proving that the infrastructure of these forums is as fragile as it is illicit.

The hubris of BreachForums was its downfall. By hosting the DC Health Link data (which included sensitive information on U.S. House members and staff), Pompompurin painted a target on his back.

In March 2023, the FBI, in collaboration with the UK’s National Crime Agency (NCA), Europol, and other international agencies, launched Operation Cookie Monster.

On March 15, 2023, agents arrested Conor Brian Fitzpatrick (Pompompurin) in Peekskill, New York. Simultaneously, the FBI seized the BreachForums domain and replaced it with a seizure banner.

The Aftermath:


BreachForums (also styled BreachForums or BreachForums[.]st etc.) was an English-language cybercrime forum and data marketplace. It succeeded the original RaidForums after law enforcement shut that forum down in 2022. BreachForums became one of the most prominent sources for:

It operated on the clear web (via .st, .cx, .is domains) and a Tor mirror.

Status: The forum was seized by U.S. and international law enforcement in May 2023. Its administrator, Conor Brian Fitzpatrick (“pompompurin”), was arrested and pleaded guilty. As of 2024–2025, copycat or successor forums (“BreachForums 2.0”, “Breached.vc”) have appeared, but they are not the original operation.


March 2025 — In the underground economy of stolen data, few names carry as much weight—or as much legal baggage—as BreachForums.

Just months after the FBI and international partners dismantled the original platform for the second time, security researchers are tracking yet another resurrection of the notorious hacking forum. This whack-a-mole cycle has turned BreachForums into a case study for law enforcement's struggle to permanently erase cybercrime infrastructure from the dark web.

In the shadowy corridors of the Dark Web, few names have commanded as much fear, respect, and scrutiny as BreachForums. Emerging from the ashes of the legendary RaidForums, this cybercrime haven quickly became the epicenter of data leaks, credential dumps, and illicit trading. However, its journey has been a volatile rollercoaster of law enforcement takedowns, betrayals, and resurrection attempts.

This article dissects the history of BreachForums, its operational mechanics, the legal takedowns, its current status, and what its existence means for enterprise cybersecurity.


The original BreachForums (often styled "BreachForums" or "Breached") was launched in March 2022 by a young, affluent hacker known as Pompompurin (real name: Conor Brian Fitzpatrick). It quickly filled the void left by the seizure of RaidForums, becoming the premier English-language marketplace for stolen databases, credential lists, and corporate leaks.

For nearly a year, the site thrived. Users bought and sold login credentials from giants like Robinhood, Twitter, and even the FBI’s own virtual academy. But in March 2023, the FBI arrested Fitzpatrick in New York. The site was seized, and a splash page announced its demise.