Written by staff writer.
Federal Bureau of Investigations (FBI) agents have arrested a man known as Pompompurin, who they allege was behind the dark web hacking website, BreachForums. Meanwhile, a new administrator has stepped in to keep the website running.
First reported by Bloomberg, Conor Brian Fitzpatrick, 22, was arrested at his home in Peekskill, New York, where he lived with his parents, on March 15, 2023. The FBI charged him with one count of conspiracy to solicit individuals to sell unauthorized access devices. Local news stations showed footage of FBI agents carrying bags of evidence from the house over several hours and said that he had been under active investigation for over a year.
An affidavit signed by FBI agent John Longmire on the same day and presented to Judge Paul Davison of the US District Court said that Fitzpatrick had admitted he was the site’s owner and used the alias’ Pompompurin.’
Pompompurin is well-known in hacking forums and allegedly created BreachForums in 2022 after the FBI seized and dismantled its predecessor, RaidForums. In less than 12 months, BreachForums gained popularity with hackers and ransomware gangs and developed into a significant dark website. Presently, it reportedly hosts around 1,000 stolen databases, which individuals or syndicates can purchase, usually for fraud-related activity.
As recently as last week, BreachForums hit the headlines after a hacker used it to attempt to sell a database stolen from DC Health Link, a health insurer for US House of Representative members, their employees, and their families. That database contained the personal details of 170,000 people, including names, dates of birth, home addresses, and social security numbers.
In November 2021, Pompompurin claimed responsibility for a cyber breach that caused the FBI significant embarrassment. In that incident, he accessed the FBI’s Law Enforcement Enterprise Portal (LEEP) via a software misconfiguration and sent thousands of fake emails using a fbi.gov address.
Other breaches Pompompurin has alleged involvement in include the 2021 hacking of US financial services company RobinHood, in which seven million customers had their stolen, and the 2022 Twitter breach in which the personal information of 5.4 million Twitter users was accessed via an API vulnerability.
Following Fitzpatrick’s arrest, BreachForums enacted an emergency plan, indicating a degree of contingency planning not seen on other hacking forums. “It’s now been confirmed that Pom has been arrested,” says the site’s new administrator, Baphomet. “I think it’s safe to assume he won’t be coming back, so I’ll be taking ownership of the forum. I have most, if not all, the access necessary to protect BreachForum infrastructure and users. I am working through the next steps of the emergency plan for the forum. Please be patient and try not to lose your minds.”
Fitzpatrick was released on a USD300,000 bond guaranteed by his parents and is due to reappear before the US District Court in Virginia on March 24. Bail conditions bar him from contacting other BreachForum users.
