BreachForums says it is closing after suspected law enforcement access to backend

In an abrupt about-face, the new administrator of popular cybercriminal platform BreachForums said they plan to shut down the site after its previous administrator was allegedly arrested last week.

A hacker going by the account name “Baphomet” initially said they were working through an emergency plan for the forum after the arrest of 21-year-old Conor Brian Fitzpatrick at his home in Peekskill, New York last Wednesday. In court documents, Fitzpatrick is alleged to be the hacker known as pompompurin – the leading administrator of BreachForums.

But in an update published on Tuesday, the new administrator taking over BreachForums said they now plan to shut down the platform entirely.

It appears that #BreachForums may be permanently offline. https://t.co/0wyu6z1jIC pic.twitter.com/2aYoM0vDOg

— Brett Callow (@BrettCallow) March 21, 2023

Baphomet wrote that someone was able to access the backend of the platform through pompompurin's account on Sunday afternoon, leading them to believe law enforcement may have access to the site's source code and information about the forum's users.

"This will be my final update on Breached, as I've decided to shut it down. I'm aware this news will not please anyone, but it's the only safe decision now that I've confirmed that the glowies likely have access to Poms machine," the hacker said.

"Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to login. I now feel like I'm put into a position where nothing can be assumed safe, whether its our configs, source code, or information about our users the list is endless. This means that I can't confirm the forum is safe, which has been a major goal from the start of this shitshow."

Baphomet — who has not been identified — plans to redirect the site's domains to a new one and will still run a Telegram channel.

The administrator will start a new Telegram group for those interested in creating a successor platform for cybercriminals.

Baphomet added that they are interested in working with "some of the competitor forum admins and various service operators" who reached out over the past few days to build a new community "that will have the best features of Breached, while reducing the attack surfaces we never properly addressed."

"As with things like this, I have no doubt our userbase may be absorbed by another community but if there is patience then I hope to bring something back that will rival any other community that can take our place," the administrator said.

"I'll be taking 24 hours from the sharing of this message to just rest and think. I'll be back online to talk with everyone, and we'll go from there. The domains for the time being shouldn't be seized, but I'll let the community know if any of that happens. For now see you space cowboy."

BreachForums became the go-to site for cybercriminals to purchase stolen data and market troves of information leaked during hacks and attacks. The forum was most recently in the news after hackers posted data stolen from Washington, D.C.’s healthcare exchange platform on the site, including the sensitive information of Congress members and staff.

On Tuesday, Rep. Joe Morelle (D-NY) told CBS News that at least 17 current or former members of Congress had personal information exposed in the hack alongside more than 56,000 people.