The US authorities have arrested a New York man suspected of running a popular English-language dark web data breach forum called “BreachForums.”
The suspect, 22-year-old Conor Brian Fitzpatrick (aka “Pompompurin”) was arrested at his home in Peekskill, New York, on March 15, 2023 and charged with conspiracy to commit access device fraud.
According to an FBI affidavit filed in the Southern District of New York, Fitzpatrick has admitted that he “used the alias "pompompurin" and was the owner and administrator of BreachForums.”
Pompompurin, who has been a well-known player in cybercriminal underground, created BreachForums after the FBI dismantled RaidForums, one of the world’s biggest hacker forums to buy and sell stolen data. In less than 12 months, BreachForums gained popularity with hackers and ransomware gangs and developed into top cybercriminal website, with 225,000 registered members and 740,000 posts.
More recently, the forum was used by a threat actor to attempt to sell the personal data of US politicians that was stolen in the DC Health Link breach.
In November 2021, Pompompurin claimed responsibility for an FBI breach, where he accessed the agency’s Law Enforcement Enterprise Portal (LEEP) via a software misconfiguration and sent thousands of fake emails using an fbi.gov address.
Pompompurin is also linked to the 2022 breach of the FBI’s InfraGard outreach program, which saw the contact information of its more than 80,000 members go on sale. Pompompurin is also said to have been involved in the 2021 Robinhood hack that exposed the data of 7 million users, and the 2022 Twitter data leak.
Despite Pompompurin’s arrest, a recent post on BreachForum indicates that the forum will remain up and running, at least for the time being.