Skip links

BreachForums shuts down … but the RaidForums cybercrime universe will likely spawn a trilogy

BreachForums has reportedly shut down for good, just days after US authorities arrested the online criminal marketplace’s alleged chief administrator.

A second admin declared the forum and stolen-data-mart is not “safe,” and shuttered it, in a Telegram message on the BreachForums channel posted on March 21, the administrator named “baphomet” also teased a sucessor:

BreachForums appeared on the dark web shortly after the demise of a similar stolen-data bazaar, RaidForums. The site quickly grew in popularity until the FBI and Department of Homeland Security swooped in to arrest Conor Brian Fitzpatrick, aka pompompurin, last week.

According to court documents [PDF], Fitzpatrick confessed to running the illicit souk.

Initially baphomet – whose identity is not known – had indicated they planned to migrate BreachForums to new infrastructure to keep it running.

Crims do good backups! Who knew?

However, in Tuesday’s “final update” the site’s admins wrote they “confirmed that the glowies [slang for government agents – ed.] likely have access to Pom’s machine” and shutting down the site is the only option.

“I now feel like I’m put into a position where nothing can be assumed safe, whether it’s our configs, source code, or information about our users the list is endless,” baphomet wrote. “This means that I can’t confirm the forum is safe, which has been a major goal from the start of this shitshow.”

In a Tuesday blog post, Flashpoint security researchers described the site shutdown as a “short-term disruption,” but noted it remains unclear what the new forum will look like.

“Baphomet’s latest message indicated that the forum will likely relaunch in another format, though it remains to be seen whether this will continue in the spirit of Raid or Breach, or be something new entirely,” according to Flashpoint. 

“Threat actors will likely continue to have an appetite for breached databases, and it remains to be seen if this can be through an alternative venue, or requires a new forum entirely,” it continued.

When asked who or what would likely replace BreachForums, Emsisoft threat analyst Brett Callow told The Register: “I have no idea what will replace BreachForums, but you can bet your bottom dollar that it will be replaced.” ®