Breach Forums Admin 'Pompompurin' Arrested in New York

Federal agents of U.S. law enforcement arrested on Wednesday have arrested Conor Brian Fitzpatrick, a Peekskill, New York resident, who allegedly operated the infamous dark web data breach site, "BreachForums." The site, which hosted stolen databases from nearly 1,000 companies and websites, has been a significant player in the cybercrime ecosystem.

Fitzpatrick, who went by the online alias "Pompompurin," was charged with a single count of conspiracy to commit access device fraud. BreachForums offered stolen personal information, including names, emails, and passwords, for sale to users. 

These databases were often used for fraudulent activities. Fitzpatrick's arrest took place at his home, where he admitted to using the alias "Pompompurin" and operating BreachForums.

In an affidavit filed with the District Court for the Southern District of New York, FBI Special Agent John Langmire said that at around 4:30 p.m. on March 15, 2023, he led a team of law enforcement agents that made a probable cause arrest of a Conor Brian Fitzpatrick in Peekskill, NY.

“When I arrested the defendant on March 15, 2023, he stated to me in substance and in part that: 

a) his name was Conor Brian Fitzpatrick; b) he used the alias ‘pompompurin/’ and c) he was the owner and administrator of ‘BreachForums the data breach website referenced in the Complaint,” Langmire wrote.

BreachForums was established after the shutdown of RaidForums, another hacker forum seized by the FBI in April 2022. 

According to Allan Liska, a senior intelligence analyst at cybersecurity firm Recorded Future, BreachForums is "one of, if not the most active, hacker forums out there." The platform has been responsible for leaking sensitive information stolen from major organizations, including Robinhood and Acer Computers.

Fitzpatrick has been under close scrutiny by cybersecurity investigators for more than a year. In November 2021, he claimed responsibility for sending fake emails from a "fbi.gov" email address. He was also involved in high-profile company breaches, such as stealing customer data from Robinhood and using a bug to confirm the email addresses of 5.4 million Twitter users.

Fitzpatrick was released on a $300,000 unsecured bond and is scheduled to appear in court in Alexandria on March 24. 

In the meantime, another forum administrator, who goes by the alias Baphomet, stated that the site would continue to operate in its current capacity, with full access to the site's infrastructure. He claimed responsibility for taking over the forum to keep it running and protect it from being seized by authorities.  

The arrest of Fitzpatrick and the ongoing operation of BreachForums highlight the growing concerns around cybercrime and the need for robust cybersecurity measures. As cybercriminals continue to find new ways to exploit vulnerabilities and steal sensitive information, organizations must prioritize security to protect their data and customers.