BreachForums leak lets hackers attack each other

In a twist of irony, private details of the original BreachForums website users, collected by its now-sentenced admin, Conor Fitzpatrick, were leaked online, giving hackers a taste of their own medicine.

The data encompasses the private details of the original users of the now-defunct BreachForums. While the forum still remains, the leaked data, dated November 29th, 2022, was taken from the original forum, headed by Fitzpatrick, who went by the moniker of Pompompurin.

The Cybernews research team confirmed that the leaked data is legitimate and includes information such as:

• Usernames
• Passwords
• Email addresses
• Direct messages
• IP addresses
• Registration dates
• Other account details

According to the team, hackers may use the leak to discover who was hiding behind certain usernames. In other words, attackers may attempt to use the leak for doxxing, a type of attack aimed at revealing the identities and locations of people online.

“The leak is important because BreachForums V1 was one of the most popular cybercrime forums at the time. Moreover, depending on the context of leaked private messages it might start conflicts between cybercriminal groups or individual threat actors,” Cybernews researchers said.

Since the website was seized by several law enforcement agencies, researchers surmise that the recent leak might be of little value for authorities.

“However, with the information present in the database, it is possible to track down threat actors’ physical locations and attribute threat actors to previous data breaches (even if the data wasn't posted publicly). It may also allow law enforcement to issue warrants on the threat actor Internet service providers to collect even further evidence,” the team said.

BreachForums was a resurrected version of RaidForums, another criminal marketplace seized by the FBI in August 2022.

Cybercriminals used BreachForums to exchange data stolen from businesses and other organizations. For example, information stolen from a medical insurance company, DC Health Link, including sensitive information on US House and Senate members, was posted on the website.

Fitzpatrick was arrested in early 2023 with the original BreachForums closing soon after.

Attackers claim that the leaked user data was collected by Fitzpatrick himself, who tried to sell the data for $4,000 in June 2023, months after he was charged with running the website.

Earlier this year, Fitzpatrick was sentenced to 20 years of supervised release. The sentence was far from the worst-case scenario, as the US government's earlier recommendation was that Fitzpatrick spend 15 years in prison for his crimes related to hacking and posession of child pornography.