The FBI and international partners seized the site’s infrastructure. However, the site was back online within a few days under new management (ShinyHunters).
BreachForums represents the democratization of cybercrime. It has lowered the barrier to entry, allowing anyone with a crypto wallet and a bit of technical savvy to participate in the data trade. As long as there is a profit motive for stealing data and a demand for illicit information, platforms like BreachForums—or their inevitable successors—will continue to thrive.
During its relatively short 18-month reign, BreachForum was the distribution point for some of the most devastating leaks of 2022–2023.
While the live forum is gone, the massive archives of BreachForum have been mirrored across academic research repositories and other dark web sites. Over 20 billion records that passed through its servers are now part of the permanent "leaked dataset" ecosystem. Have I Been Pwned continues to add data originally shared on BreachForum. breachforum
Arresting the founder did not kill the forum's brand. Within weeks of Fitzpatrick's arrest, the platform was resurrected under new management, operated jointly by the notorious hacking group ShinyHunters and a previous administrator known as "Baphomet".
: A threat actor appropriating the name of the infamous LAPSUS$ group (whose teenage leader was arrested in 2022) has joined the fray. Hasan and "LAPSUS$" have pooled resources to launch devastating infrastructure attacks against the original BreachForums.
: A section for news related to breaches, cybersecurity updates, and platform announcements. The FBI and international partners seized the site’s
. Since its inception in early 2022, BreachForums has been a central nervous system for the global trade of leaked databases, hacking tools, and illicit services. Origins and the "Pompompurin" Era
To further protect your organization or deepen your research into cyber threat patterns, you can explore the data collection and network methodologies used to track underground forums through academic frameworks like HackerRank on SAGE Journals.
Yet, mirroring the cyclical history of its predecessors, the disruption was not permanent. Within weeks, ShinyHunters managed to reclaim or replace aspects of the infrastructure, routing users to new domains and decentralized networks. It has lowered the barrier to entry, allowing
. This new iteration continued the forum’s legacy, despite constant pressure from law enforcement and rival communities. A significant second takedown occurred in May 2024, but the domain was reclaimed by ShinyHunters just hours later. The "Doomsday" Breach of 2026 Ransomware Diaries Volume 4: - Analyst1
It attracted threat actors, hackers, "script kiddies," data brokers, and cybersecurity researchers monitoring leaks.
ShinyHunters used this new platform to leak incredibly destructive datasets, including massive dumps tied to global ticketing platforms, financial institutions, and retail conglomerates. The forum rapidly regained its status as the premier clearinghouse for stolen data on the internet. 6. The Endless Cat-and-Mouse Game
, including email addresses and password hashes. This has led to a significant decline in trust within the cybercrime community. FBI Reporting : The FBI maintains a formal Reporting Form