The notorious hacker market BreachForums’ failed comeback appears to be the result of a PHP zero-day exploit compromising the forum’s “outdated and unpatched software,” the site’s newest administrator revealed on Monday.
Update on Tuesday, April 29th, 2025: The FBI has declined to comment on the matter.
After last week’s public fail to resurrect BreachForums (BF), it appears a new administrator is claiming to have taken over the mission, promising to revive the site independently of any shady characters from past iterations.
The new owner – username Momondo – also claims to be part of the “original" admin team, implying a direct connection to the market’s founder and OG administrator, Pompompurin.
For those unaware, Pompompurin, a.k.a. the then 20-year-old Conor Brian Fitzpatrick from New York, was arrested in a 2023 FBI takedown of the site, leading to a rotating door of administrators and site addresses ever since, none of which has been able to stick for very long.
In two posts, Momondo provided an explanation of what went down to BF's hundreds of thousands of users, on yet another new website address, this time with an.SX extension.
“Welcome to BreachForums (reincarnated)! This forum is back with the original team behind Breachforums,” the message began.
“It has been determined that BreachForums (breachforums.st) was operating an outdated and unpatched version of MyBB forum software,”Momondo said. “Due to the failure to apply critical security updates and patches, the infrastructure may have been vulnerable, allowing potential unauthorized access by third parties or law enforcement agencies,” they said.
Momondo also made it clear they had separated themselves from any affiliation with the latest crew of site administrators – including the last BreachForum’s owner “Anastasia” who failed miserably to launch a fourth version of the market, promised for last Thursday, April 24th.
In fact, instead of a BreachForums reboot, the site’s landing page on Thursday displayed a notice allegedly from Anastasia, offering to sell BreachForums' backup database (dated April 10th) and source code for a mere $2,000.
Additionally, while there is no mystery surrounding Momondo’s zero-day announcement, it’s still unclear who was behind the takedown of Anastasia’s “Breached” site, which as of Monday is non-existent.
Cybernews reached out to the FBI, who declined to comment on the latest site disruption and the possible arrest of any current or former administrators.
Did the FBI flex its muscles again?
Both Momondo and Anastasia have mentioned possible FBI involvement in the zero-day attack, yet Cybernews can not help but wonder if the Dark Storm Team hackers, who had been intermittently attacking the BF site “for fun” in the days leading up to its expected relaunch, are the ones to blame.
The Dark Storm Team, a pro-Palestinian hacktivist gang of suspected Script Kiddies and known for its recent DDoS attacks on Elon Musk’s X, had been publicly taunting Anastasia, declaring its antics on Telegram.
“We want to make it explicitly clear that we have no affiliation or cooperation with "Anastasia" or breached[.]fi,” Momondo wrote, before posting another “Statement Regarding Recent Events and Future Intentions.”
To further clarify the situation, in his second post Momondo revealed the PHP exploit, and explained why they decided to step down from the current team.
“It has come to my attention that BreachForums.st infrastructure was compromised through a 0day PHP exploit," Momondo said, adding that they “no longer feel confident in the current leadership and operational security measures.”
“Additionally, I want to make it explicitly clear that I do not intend to cooperate with individuals suspected of association with "Shiny" or any entities whose actions I believe compromise the integrity and safety of our community,” they continued.
To recap, the BreachForums site, first seized by the FBI during the 2023 bust, was then resurrected that June by its second in command, Blaphomet, only to be taken down by the FBI again in May 2024.
Since then, a third iteration of Breached was claimed by known threat actors Shiny Hunters and another one of the forum's notorious users, USDoD, both of who have fallen off the map and are suspected of having been arrested by the FBI.
Momondo, who is also asking for donations, claims they will install “new management, with renewed focus on security, transparency, and the original mission that brought our community together.”
In another message, signed by BreachForums administrators and posted on X by Dark Web Intelligence on Monday, the admins reiterated that no team members have been arrested and that "our infrastructure remains secure."
Your email address will not be published. Required fields are markedmarked