The FBI has arrested the alleged founder of BreachForums, a major hacker forum on which users post hacked and stolen data, including data alleged to have come from a breach that affected the personal information of U.S. lawmakers earlier this month.
The charge is related to Fitzpatrick having allegedly created and administered BreachForums, which the DOJ describes as a “marketplace for cybercriminals” that as of last week, claimed to have more than 340,000 members.
‘Marketplace for Cybercriminals’
Fitzpatrick, who goes by the alias “Pompompurin” online, allegedly operated BreachForums since March 2022, the DOJ release stated, citing court documents unsealed Friday.It adds: “BreachForums enables its members to post solicitations concerning the sale of hacked or stolen data, exchange direct private messages with prospective buyers and sellers, buy access to certain hacked or stolen data that the platform itself controls and distributes, and arrange other services related to the illicit transfer of stolen data and contraband.”
Fitzpatrick also allegedly managed a section where the website directly sold access to verified hacked databases that belong to various U.S. and foreign companies, organizations, and government agencies, the DOJ stated, adding that he “allegedly profited from the scheme by charging for forum credits and membership fees.”
Victims Include US Lawmakers: Report
The DOJ said that stolen data commonly sold on the website included “bank account information, social security numbers, other personally identifying information (PII), means of identification, hacking tools, breached databases, services for gaining unauthorized access to victim systems, and account login information for compromised online accounts with service providers and merchants.”Alleged victims of the website include millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies, the DOJ stated, adding that some of the stolen datasets posted on the website “contained the sensitive information of customers at telecommunication, social media, investment, health care services, and internet service providers.”
The DOJ cited other examples, including how 200 million users’ names and contact information of a major U.S.-based social networking platform were posted on BreachForums on Jan. 4.
Separately, on Dec. 18 last year, a BreachForums user shared information of over 87,500 members of InfraGard, which is a partnership between the FBI and the private sector that seeks to protect critical infrastructure.
Prior to appearing in court Friday, Fitzpatrick was released on a $300,000 bail with conditions.
His arrest comes about a year after U.S. authorities cracked down on RaidForums, described as the predecessor to BreachForums. RaidForums’ founder and chief administrator, Diogo Santos Coelho, was arrested on Jan. 31, 2022, by UK authorities at the request of the United States. Coelho is awaiting extradition.
