Hackread.com has learned that the infamous hacker and cybercrime forum Breach Forums has been permanently shut down. On March 18th, 2023, it was reported that Conor Brian Fitzpatrick (aka Pompompurin, aka Pom), the owner, founder, and administrator of Breach Forums, was arrested in New York.
The question of the forum’s future after Fitzpatrick’s arrest was echoed across different forums, with speculation about whether the forum would be seized by authorities, like its predecessor, Raid Forums.
The day the news of Fitzpatrick’s arrest surfaced, one of its administrators, who goes by the alias Baphomet, claimed responsibility for taking over the forum to keep it running and protect it from being seized. They also claimed to have cut all of Fitzpatrick’s access to the forum.
However, in a statement made on the official Telegram channel of Breach Forums earlier today, Baphomet announced the permanent shutdown of the forum. In the statement, Baphomet apologized to forum users for any inconvenience and emphasized that their decision was made for the betterment and safety of everyone.
It is worth noting that Baphomet plans to start a new Breach Forums-like community in the near future. However, for now, all forum domains will be redirected to a website owned by Baphomet.
Reason for Sudden Shutdown
Administrator Baphomet's initial plan was to keep Breach Forums online, so what changed their mind? In a statement, the administrator explained that the decision to shut down the forum came after they noticed someone had logged into an old forum CDN server on March 19th, 2023, at 1:34 EST, which indicated that federal authorities had access to Fitzpatrick’s devices.
Baphomet stated that running a forum with the fear of law enforcement access would be risky, and the best solution for everyone’s safety was to permanently shut it down. Here’s what Baphomet had to say:
This will be my final update on Breached, as I've decided to shut it down. I'm aware this news will not please anyone, but it's the only safe decision now that I've confirmed that the glowies likely have access to Pom's machine. As I said early on in all of this, anything related to production Breached infrastructure was locked down immediately - however I was kind enough to leave a few old, non-essential servers completely unchanged. One of those servers I left unchanged is an old CDN from months ago that no longer hosts any CDN files or configs but rather was used to just download large files from time to time. Throughout the migration I checked to see if anything was going on that would cause concern during the migration. One of the servers checked was the old CDN server described above. It seems someone logged in on Mar 19, 1:34 EST prior to me logging into the server. Unfortunately this likely leads to the conclusion that someone has access to Pom's machine. Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to log in. I now feel like I'm put into a position where nothing can be assumed safe, whether it is our configs, source code, or information about our users - the list is endless. This means that I can't confirm the forum is safe, which has been a major goal from the start of this shitshow. As for what this means now, it's complicated. Unlike when other communities go down and everyone scatters, stupidly I will still be around. I will redirect all the Breached domains to my baph.is domain. The Telegram group and channel will remain up for now, but I will make a new Telegram group for those interested in seeing what I have planned next. I will always be willing to sign a message to prove my identity to the community.
While the community of Breached will die, I'm going to continue conversations with some of the competitor forum admins and various service operators who reached out to me over the past few days. I'm hoping to work with some of those people to build a new community, that will have the best features of Breached while reducing the attack surfaces we never properly addressed. As with things like this, I have no doubt our userbase may be absorbed by another community but if there is patience then I hope to bring something back that will rival any other community that can take our place. I'll be taking 24 hours from the sharing of this message to just rest and think. I'll be back online to talk with everyone, and we'll go from there. The domains for the time being shouldn't be seized, but I'll let the community know if any of that happens. For now - see you, space cowboy. Baphomet
Although the shutdown of Breach Forums is seen as a positive initiative, for investigators, cybersecurity journalists, and researchers, it may become a rabbit hole. With no reliable community to turn to, cybercriminals could move to Russian-language forums to dump stolen databases, which is a larger-scale threat to unsuspecting users and organizations.
It is worth noting that Russian hacker forums are already forming alliances with Chinese-speaking hacker groups, which could eventually become a perfect recipe for disaster for adversaries on the opposite side.