Breachforums

However, the lenient sentence did not last. While out on supervised release awaiting his fate, Fitzpatrick violated the terms of his bail by using a VPN to access online chatrooms. In those forums, he allegedly made statements challenging the legitimacy of his guilty plea and trivializing the sale of sensitive data to foreign interests. An appellate court found that the original sentence had failed to address the seriousness of his crimes and vacated it. In September 2025, Fitzpatrick was re-sentenced to . In delivering the new sentence, a federal prosecutor described the harm as nearly incalculable, specifically calling out the human cost of the child sexual abuse material he possessed.

BreachForums gained popularity among cybercriminals for several reasons:

To avoid falling victim to cybercrime, follow these best practices:

In March 2022, BreachForums was seized by law enforcement agencies, marking a significant victory in the fight against cybercrime. The operation, led by the FBI, resulted in the arrest of several individuals associated with the platform, including its founder and primary administrator. BreachForums

The Digital Black Market: The Rise, Fall, and Resilience of BreachForums

BreachForums was a relatively new player in the cybercrime ecosystem, emerging in 2019 as a successor to the infamous RaidForums, another popular platform for hackers and data breachers. BreachForums quickly gained traction as a go-to destination for threat actors looking to buy, sell, and trade stolen data, including credit card numbers, login credentials, and personal identifiable information (PII). The platform's user base grew rapidly, attracting both amateur and seasoned cybercriminals.

as a replacement for RaidForums after the latter was seized by international law enforcement. The "Pompompurin" Era : The first iteration was run by Conor Brian Fitzpatrick However, the lenient sentence did not last

, it highlights a persistent cycle in cybersecurity: the rapid emergence of new illicit platforms to fill the vacuum left by the takedown of their predecessors. The Evolution of BreachForums Succession and Origins

The seizure of BreachForums was made possible through a combination of intelligence gathering, online undercover operations, and technical analysis. Authorities identified key individuals involved in the platform's operation and gathered evidence to build a case against them.

Pro-Tip: If you are a security professional, use a dedicated virtual machine, a VPN, and ensure you download nothing without legal counsel approval. Better yet, hire a threat intel vendor to do the dirty work for you. An appellate court found that the original sentence

The forum operated on a tiered access system, requiring users to purchase "credits" to access premium leaks. This gamification of cybercrime allowed administrators to monetize the theft of billions of personal records.

For cybersecurity professionals, understanding the infrastructure of BreachForums is crucial. The site operated as a traditional vBulletin forum, but with Dark Web nuances.

To understand BreachForums, one must first understand its predecessor: RaidForums. For five years, RaidForums stood as one of the largest English-language cybercrime forums on the internet, a bustling bazaar where hackers could sell access to more than 10 billion stolen consumer records. In February 2022, an international law enforcement operation finally shuttered RaidForums, arresting its alleged administrator and seizing its servers, dealing a massive blow to the hacker underground. But cracks in a walled garden are not sealed by law enforcement alone; nature, as they say, abhors a vacuum. Within weeks, a new contender emerged to fill the void.

However, the administrator’s chair at BreachForums seemed cursed. Over the following months, a dizzying succession of leaders took the helm, often vanishing into law enforcement custody shortly after their tenure began. rose to leadership after Baphomet’s arrest in 2024, only to resign in early 2025 and later be arrested by French authorities. The admin known as “N/A” took control, followed by “Indra,” with each new face promising a more secure version of the platform.

The shutdown of BreachForums has significant implications for the cybercrime landscape: