fotokitas – stock.adobe.com
The BreachForums data leak website has been seized by the FBI and international partners again
An international law enforcement operation led by the United States’ Federal Bureau of Investigation (FBI), with assistance from the UK’s National Crime Agency (NCA) and others, has taken down the English-language BreachForums data leak forum, operated by a hacking collective known as ShinyHunters, for the second time in the space of a year.
BreachForums, which operated in plain sight on the internet, and was itself a successor to the RaidForums service disrupted in 2022 – had been previously disrupted by the authorities in the spring of 2023 after it offered data stolen from DC Health Link, a public health insurance market serving the city of Washington DC and by extension, many American politicians.
This operation saw the arrest of a New York state resident identified as BreachForums admin Pompompurin. This individual, whose real name is Conor Fitzpatrick, later pled guilty to conspiracy to commit access device fraud, solicitation for said purposes, and possession of child pornography. In January of 2024, he was sentenced to a 20-year term of supervised release for breaching bail conditions.
In the meantime, another high-profile forum member using the handle Baphomet, who had worked under Fitzpatrick, revived the BreachForums brand in the summer of 2023 and used it to leak more data. It is this version of the criminal project, alongside Baphomet’s Telegram channel, that has now been disrupted.
The FBI made no formal announcement of the seizure, and according to US reporting has declined to comment further. However Computer Weekly has confirmed that the site has been replaced with an official takedown notice stating the site has been taken down by the FBI and Department of Justice (DoJ).
This site now redirects to an official US government ‘tip’ site where the FBI states: “The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums.
“From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cyber criminals to buy, sell, and trade contraband,