BreachForums has spent the last few years as the primary marketplace for stolen data, but its recent history is a chaotic cycle of law enforcement takedowns, leadership arrests, and—ironically—multiple major data breaches of its own user base. A Relentless Cycle of Takedowns Since its launch in 2022 as a successor to RaidForums , the site has undergone several high-profile seizures: March 2023: The original founder, Conor Brian Fitzpatrick Pompompurin
v1 (March 2022 – March 2023): Operated by "pompompurin" (Conor Brian Fitzpatrick) until his arrest.
Origins (2022): Founded as the successor to RaidForums after its April 2022 seizure. Successive Iterations: BreachForums
Malware & Tools: Users trade hacking tools, malware, and even modified AI models designed for malicious use.
On March 15, 2023, agents arrested Conor Brian Fitzpatrick (Pompompurin) in Peekskill, New York. Simultaneously, the FBI seized the BreachForums domain and replaced it with a seizure banner. BreachForums has spent the last few years as
This article dissects the history of BreachForums, its operational mechanics, the legal takedowns, its current status, and what its existence means for enterprise cybersecurity.
How did BreachForums operate?
"The second you arrest one admin, three more volunteers pop up," says a senior threat intelligence analyst who spoke on condition of anonymity. "The data is already out there. The backups are on a dozen different servers in Russia, the Netherlands, and Singapore. As long as there is money to be made selling stolen identities, BreachForums or its spiritual successor will exist."
BreachForums demonstrated that credential theft is the single most effective attack surface.
Over 80% of posted leaks came from info-stealers, reused passwords, and exposed APIs – not zero-days. Successive Iterations : Malware & Tools : Users