BreachForums is back – for real this time

The cybercrime marketplace BreachForums appears to have finally been resurrected with help from its former second in command – as the federal case against its former founder heats up. But will fears of FBI entrapment keep users away?

With the same look, same administrators, and even the same website address, the hacker-friendly marketplace has quietly made its return to the internet this week.

The biggest change, of course, is that its former founder and top administrator, Pompompurin, aka 20-year-old Conor Brian Fitzpatrick from New York, is now awaiting his legal fate after being busted by the FBI in March.

As of June 14th, the new BreachForums shows just over 1,500 members, though it also shows hundreds more guest visitors have been checking out the site daily.

Although the new site has been up for barely a full week, the old BreachForums, by comparison, boasted more than 340,000 members when it was taken down.

To attract users, the new site is even offering to restore the coveted ranking numbers earned by former members (displayed on member profile pages) pending verification by current administrators.

“If you need your rank restored from BF, please PM me on the forum if I don’t respond here. Provide anything from screenshots to account information (email, etc) that can verify you,” administrators posted.

The new site is claimed to have been resurrected by the infamous hacker group ShinyHunters.

And it appears that the new owners have collaborated with BreachForums' former main administrator Baphomet – the second in command before Pompompurin's arrest.

It was Baphomet who scrambled to keep the BreachForums site afloat in the days following the FBI arrest, but then made the executive decision to permanently shutter the marketplace due to fears law enforcement had infiltrated its operations.

The new BreachForums site looks identical to the old site.

A flood of replacement sites popped up online in the wake of the shutdown, but fears of the new sites being secretly monitored and possibly run by the FBI caused many ex-Breached members to stay away.

Baphomet addressed the influx of Breached replicas at the time, making sure to point out that none of the new dark market sites were affiliated with the "real" BreachForums.

In an attempt to not discredit any of the replicas, the former administrator did point out that the more BreachForums copies operating online, the less likely the FBI would be able to zero in on just one criminal marketplace.

ShinyHunters take over BreachForums

The hacker repository vx-underground first broke the news that ShinyHunters would be launching the replacement site on June 2nd.

ShinyHunters is a notorious hacker gang first identified in 2020, typically known for using a "shiny" Pokemon avatar on its social media profiles, an avatar mysteriously absent from its new BreachForums profile pic.

ShinyHunters profile on the new BreachForums site

The group is known for carrying out multiple high-profile data breaches costing their victims tens of millions of dollars.

Past big-name victims include Microsoft, Mashable, Zoosk, JusPay, Bonobos, and Pluto TV.

In spring 2022, the mysterious threat actors successfully breached AT&T and T-Mobile within days of each other, exfiltrating the personal data of a combined 110 million users.

In a bold move, ShinyHunters also tried to sell the stolen data from both mobile carriers on the dark markets, also within days of each other.

It seems the hacker group has been laying low since one of its purported top members, 21-year-old Frenchman Sébastien Raoult, and two other French nationals, were arrested in Morocco last August, although ShinyHunters recently denied Raoult was a main player for the group.

The alleged criminal hacking trio was extradited to the US this January.

Fitzpatrick’s fate up in the air

Meantime, Fitzpatrick, who was released on bail following his March arrest, was scheduled to be indicted by the feds on May 15th, but that seems to have been put on hold by prosecutors.

It's not clear if Fitzpatrick has agreed to a plea deal, but on June 5th, court documents show Assistant US Attorney Lauren Pomerantz Halper for the Eastern District of Virginia (where the case is being heard) was added as the US Department of Justice's (DoJ) official representative.

On the same day Halper was added to the Fitzpatrick docket, the DoJ prosecutor was also assigned as the US rep for a similar case involving the administrator of the now-defunct cybercrime marketplace RaidForums.

RaidForums and its administrator in charge, known by the online moniker Omnipotent, were taken down by authorities last April following a lengthy investigation.

Identified as 21-year-old Diogo Santos Coelho from Portugal, the former RaidForums admin is currently being held in the UK awaiting possible extradition to be tried in the US, an outcome more likely now that Halper has taken the case.

According to the FBI, soon after the RaidForums bust, Pompompurin announced his BreachForums marketplace as its official replacement site.

A former post by arrested admin Pompompurin on the old BreachForums site, June 22, 2022. US DoJ

Pompompurin and Omnipotent were also said to have been in contact with each other since at least 2020, court documents show.

In one instance, the filing shows the two suspects exchanged messages on RaidForums about a compromised email account containing Pompompurin’s real name, also seemingly the email account that led the FBI directly to Fitzpatrick.

Popular criminal marketplaces are used to buy, sell, and trade hacked or stolen data and other contraband, including stolen access devices, hacking tools, breached databases, and other services used to gain unauthorized access to victim systems, the FBI said.
