Before diving into the situation, we first need to understand how BreachForums came to be. BreachForums was made to replace an online forum called RaidForums. RaidForums was founded in 2015 and quickly became a well-established hub for all things cybercrime. In early 2022, it was taken down following an international law enforcement operation. This operation resulted in the arrest of its founder, who operated under the alias _“Omnipotent”_, and effectively disrupted one of the most prominent platforms for cybercrime.
BreachForums was founded by Pompompurin in March of 2022—a month before the shutdown of RaidForums, likely in anticipation of its shutdown. Pompompurin was well-known in the community for his role in maintaining and operating the forum, and quickly gained notoriety. There were numerous incidents that likely caught the FBI’s attention:
- 12/10/2022: User “USDoD” tries to sell a database he claimed had information of over 80,000 InfraGard employees. InfraGard later confirms there were more than 80,000 breached.
- 03/06/2023: User “kernelware” tries to sell data allegedly stolen from Acer. The leak contains back-end infrastructure, confidential product information, confidential slides/presentations, and more.
- 03/09/2023: User “Denfur” posts a thread with ~200 breach entries from DC Health Link, then promises to release more. Denfur claims to be a Russian national and says he did it out of patriotism.
Pompompurin was arrested on 03/15/2023 and was charged with conspiracy to commit access device fraud, eventually receiving 20 years of supervised release. After his arrest, BreachForums admin “Baphomet” took control of BreachForums. However, he believed the forum had been compromised by law enforcement, so he shut it down, before later restarting it with hacking group “ShinyHunters”. On 06/23/2023, law enforcement seized the clearnet domains for BreachForums.
After this, it gets complicated, so I’ll outline some key points:
- 05/15/2024: FBI seizes another clearnet site, as well as a Telegram and an onion site (sites only available via Tor).
- 05/30/2024: ShinyHunters retake the website from law enforcement (somehow), and ShinyHunters allege that Baphomet was arrested.
- 06/14/2024: ShinyHunters retire, alongside admin “Hollow”.
- 07/21/2024: Allegedly, former admin Hollow is the current owner, now operating under the alias “Anastasia”.