The hacking forum has now been officially taken down. However, the current administrator of the BreachForums, Baphomet, made an unexpected announcement on March 21, 2023, stating that “it’s not the end,” suggesting that there may be more to come.

“You are entitled to detest me and disagree with my decision, but I promise what is to come will be better for us all,” Baphomet stated in a message posted to the BreachForums Telegram channel.

Suspicions that law authorities may have gained access to the site’s configurations, source code, and user data are thought to be what led to the shutdown.

Conor Brian Fitzpatrick, the administrator, was taken into custody and charged with one count of conspiracy to commit access device fraud. He goes by the alias “pompompurin.”

pompompurin BreachForum

In recent months, BreachForums has filled the hole left by RaidForums, developing into a successful marketplace for buying and selling datasets that have been stolen from various businesses and organizations.

This is the hackers’ last letter

"Hello Everyone.

This will be my final update on Breached, as I've decided to shut it down. I'm aware this news will not please anyone, but it's the only safe decision now that I've confirmed that the glowies likely have access to Poms machine.

As I said early on in all of this, anything related to production Breached infrastructure was locked down immediately - however I was kind enough to leave a few old, non-essential servers completely unchanged. One of those servers I left unchanged is an old CDN from months ago that no longer hosts any CDN files or configs but rather was used to just download large files from time to time.

Throughout the migration I checked to see if anything was going on that would cause concern during the migration. One of the servers checked, was the old CDN server described above. It seems someone logged in on Mar 19, 1:34 EST prior to me logging into the server. Unfortunately this likely leads to the conclusion that someone has access to Poms machine. Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to login. I now feel like I'm put into a position where nothing can be assumed safe, whether its our configs, source code, or information about our users - the list is endless. This means that I can't confirm the forum is safe, which has been a major goal from the start of this shitshow.

As for what this means now, It's complicated. Unlike when other communities go down and everyone scatters, stupidly I will still be around. I will redirect all the Breached domains to my baph.is domain. The Telegram group and channel will remain up for now, but I will make a new Telegram group for those interested in seeing what I have planned next. I will always be willing to sign a message to prove my identity to the community.

While the community of Breached will die, I'm going to continue conversations with some of the competitor forum admins and various service operators who reached out to me over the past few days. I'm hoping to work with some of those people to build a new community, that will have the best features of Breached, while reducing the attack surfaces we never properly addressed. As with things like this, I have no doubt our userbase may be absorbed by another community but if there is patience then I hope to bring something back that will rival any other community that can take our place.

I'll be taking 24 hours from the sharing of this message to just rest and think. I'll be back online to talk with everyone, and we'll go from there. The domains for the time being shouldn't be seized, but I'll let the community know if any of that happens.

For now - see you space cowboy.

- - Baphomet"

Yet, the closure of BreachForums may encourage crooks to switch to clandestine forums to sell their warez.

The change also occurs as Telegram keeps serving as a focal point for cybercrime, promoting the sale of malware, corporate and personal data dumps, and other illegal commodities, including fakes and drugs.

Threat actors will probably continue to be hungry for hacked databases; however, it is unclear if this can be accomplished through an alternative forum or if a new one is necessary.


Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.


This website uses cookies to improve your online experience. By continuing, we will assume that you are agreeing to our use of cookies. For more information, visit our Cookie Policy.

Privacy Preference Center