The threat actor known as “l33tfg” seems to have leaked data belonging to Black Lives Matter, from the store at http://store.blacklivesmatter.com
What Are Breach Forums All About?
BreachForums, sometimes referred to as Breached, is an English-language black hat–hacking crime forum. The website acted as an alternative and successor to RaidForums following its shutdown and seizure in 2022. Like its predecessor, BreachForums allows for the discussion of various hacking topics and distributed data breaches, pornography, hacking tools and various other services.
On March 21, 2023, BreachForums was shut down following the arrest of the forum’s owner, Conor Brian Fitzpatrick. The forum was later reopened under the ownership of the hacking group ShinyHunters and previous BreachForums administrator “Baphomet”. Fitzpatrick was later sentenced to 20 years supervised release. The site was again shut down and the domain seized on May 15, 2024, though the domain was back under the owner’s control just hours later.
BreachForums, along with other dark web forums, uses DDoS-Guard for its web hosting services. DDoS Guard has been criticized for hosting sites associated with illicit activities, and for its lack of action with abuse reports.[4]
History
The forum was owned by and founded in March 2022 by then-19-year-old Conor Brian Fitzpatrick, known on the forum under his screen name “pompompurin”. Fitzpatrick’s identity had been based on the Japanese character by Sanrio of the same name. Fitzpatrick had, a year earlier, claimed responsibility for the 2021 FBI email hack. In 2024, the hacker IntelBroker became the forum’s owner.
Controversy
On December 10, 2022, a member of the forum identified by the screen name “USDoD” posted a thread offering the sale of a database containing the information of over 80,000 members of the FBI non-profit organization and information portal InfraGard. The individual claimed to have obtained access to the portal through a social engineering attack in which they pretended to be the CEO of an unknown U.S. financial corporation.
On March 6, 2024, a user known as IntelBroker posted that he was selling data originating from the breach of DC Health Link, a Washington D.C. health insurance marketplace. Soon after on March 9, 2023, another member identifying under the screen name “Denfur” posted a thread containing 200 entries, claiming that more information was to come. The D.C. Health Benefit Exchange Authority later stated that more than 56,000 customers had been impacted by the breach, but original posts relating to the data claim to have the information of over 170,000 customers.
On July 23, 2024, the entire database of the original BreachForums was leaked online by a threat actor. The site’s founder, Fitzpatrick, allegedly attempted to sell the data after being indicted and while released on bail.
Arrest and shutdowns
On March 15, 2023, in Peekskill, New York, Fitzpatrick was arrested by law enforcement and charged with conspiracy to commit access device fraud in federal court. Following Fitzpatrick’s arrest, another forum administrator under the screen name “Baphomet” took ownership of the website and its infrastructure. However, following Baphomet’s suspicion of the forum being compromised, on March 21, 2023, it was shut down. Baphomet later reopened the forum with black-hat hacking group ShinyHunters.
Approximately a month after his arrest, Fitzpatrick attempted to commit suicide in his home while released on bail.[15] He later pleaded guilty to conspiracy to commit access device fraud, access device fraud, and possession of child pornography. In January 2024, Fitzpatrick was detained after violating his bail conditions which forbade the use of a VPN. Despite federal prosecutors requesting that Fitzpatrick serve over 15 years in prison, he was sentenced to time-served followed by 20 years of supervised release. The United States has since filed an appeal of his sentence.
First domain seizure
On June 23, 2023, three months after shutting down, the clearnet domains for BreachForums were seized by the Federal Bureau of Investigation, U.S. Department of Health and Human Services, Office of Inspector General, and the Department of Justice in accordance with a seizure warrant issued by the U.S. District Court for Eastern Virginia.
Second domain seizure
On May 15, 2024, the FBI seized the most recent BreachForums clearnet site along with its onion site and the associated telegram. The seizure followed a significant data leak involving Europol’s portal. The forum briefly displayed an FBI seizure notice, highlighting cooperation with international partners. The FBI is examining the forum’s backend data, which may lead to identifying members and advancing investigations. The forum administrator, Baphomet, was arrested according to ShinyHunters. The site came back online on May 29, 2024.
With the power of JB (thanks man) and wikipedia: https://en.wikipedia.org/wiki/BreachForums