Hackers on Edge as FBI Reportedly Gains Access to BreachForums Database

US investigators may have uncovered the motherload of incriminating data on cybercriminals by seizing the database for hacking site BreachForums prior to its shutdown. 

Last week, the FBI arrested the alleged owner of BreachForums, 20-year-old New York resident Conor Brian Fitzpatrick, also known as “Pompompurin.” The news led the notorious hacking forum to close down days later amid fears federal agents had compromised the website. 

But it looks like the FBI already obtained a backend database for BreachForums. On Friday, a US judge unsealed an affidavit supporting the criminal complaint against Fitzpatrick. The document(Opens in a new window) mentions federal agents using “records obtained from the SQL database of forum activity on BreachForums” to uncover an IP address that links Fitzpatrick to the Pompompurin profile.

Meanwhile, another section notes that “the FBI’s examination of the BreachForums database reveals that the pompompurin account was typically accessed through VPN services or Tor.” This suggests federal agents seized an internal database that contains the IP addresses for various users of the site. 

The disclosure prompted a remaining admin for BreachForums, Baphomet, to warn members that their past activity on the site may be in the hands of the FBI. 

“The most important thing right now of our community is to be aware that the FBI is now confirmed to have access to the Breached database. They clearly say so in their most recent documents,” Baphomet wrote(Opens in a new window) in a text document sent via a Telegram channel. 

“At this point the entire document will clearly show what I’ve said for the entirety of my time on Breached, and that you shouldn’t trust anyone to handle your own OPSEC [operational security],” Baphomet added. 

On Friday, the Justice Department noted that BreachForums had over 340,000 members as of last week. The site emerged amid the demise of RaidForums, which US investigators shut down last year. In the months since, BreachForums became a major destination on the open internet for hackers to host and sell access to stolen databases. 

“As of Jan. 11, the Official database section purported to contain 888 datasets, consisting of over 14 billion individual records,” the Justice Department said. 

Recommended by Our Editors

To investigate the site, the FBI used undercover agents to communicate with Pompompurin. The agency was able to connect Fitzpatrick to the Pompompurin moniker because he was also active on RaidForums, and the feds also seized that database.

The seized server records for RaidForums show that Pompompurin had at one point told another user about searching for the email address “[email protected]” The same records also revealed what IP addresses Pompompurin was using to visit RaidForums. Federal agents then surveilled Fitzpatrick’s cell phone GPS to show that he was likely visiting BreachForums while at his home in Peekskill, New York.  

The FBI didn’t immediately respond to a request for comment.

SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:22:09.000000Z”,”published_at”:”2022-03-24T14:57:33.000000Z”,”last_published_at”:”2022-03-24T14:57:28.000000Z”,”created_at”:null,”updated_at”:”2022-03-24T14:57:33.000000Z”})” x-show=”showEmailSignUp()” class=”rounded bg-gray-lightest text-center md:px-32 md:py-8 p-4 mt-8 container-xs” readability=”31.423799582463″>

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Facebook Comments Box

Hits: 0