BreachForums was a notorious dark web marketplace that specialized in buying and selling stolen data, hacking tools, and other cybercrime-related services. Its shutdown marks a significant victory for law enforcement agencies, disrupting cybercrime operations and sending a strong message to those involved in illicit online activities. As the dark web continues to evolve, it's essential for authorities to remain vigilant and proactive in their efforts to combat cybercrime.
An actor calling himself "James" discovered the exposed data and downloaded it. The dump included the usernames, email addresses, and Argon2-hashed passwords of over . Even more damaging was the inclusion of private messages and, crucially, the PGP keys belonging to high-profile threat actors who ran BreachForums, including the administrators ShinyHunters and IntelBroker. "James" then published the entire database online for anyone to see, adding a rambling manifesto to taunt his fellow criminals. The leaked data contained IP address information that, even with VPN use, pointed to heavy use from the United States, Europe, the Middle East, and North Africa. One security firm warned that the publication of this data would undeniably make it harder for many threat actors to hide their identities and would likely lead to arrests.
BreachForums was a dark web forum launched in 2020, designed to facilitate the buying, selling, and trading of stolen data, including sensitive information such as credit card numbers, login credentials, and personal identifiable information (PII). The platform quickly gained popularity among cybercriminals, becoming a one-stop-shop for those seeking to exploit compromised data. BreachForums
The site's administrators took steps to ensure the platform's longevity, implementing measures such as:
The shutdown of BreachForums sent shockwaves through the dark web community, as users scrambled to find alternative platforms. While some users migrated to other marketplaces, the loss of BreachForums dealt a significant blow to the cybercrime ecosystem. BreachForums was a notorious dark web marketplace that
The forum was seized by U.S. and international law enforcement in May 2023. Its administrator, Conor Brian Fitzpatrick (“pompompurin”), was arrested and pleaded guilty. As of 2024–2025, copycat or successor forums (“BreachForums 2.0”, “Breached.vc”) have appeared, but they are not the original operation.
BreachForums did not stop with Ticketmaster. Simultaneously, the same actors listed for sale the data of for a staggering $2 million. The data included customer account information and employee HR details. These high-profile posts demonstrated that despite—or perhaps because of—the relentless law enforcement pressure, the cybercrime ecosystem had become more daring than ever. In one of the most high-profile supply chain attacks of the year, the TeamPCP hacking group used the forum in 2026 to list the source code and internal data stolen from approximately 3,800 internal GitHub repositories , offering the haul for sale for a minimum of $50,000. An actor calling himself "James" discovered the exposed
By understanding the rise and fall of BreachForums, we can better navigate the complex world of cybercrime and the dark web. As the online landscape continues to evolve, it's essential to stay informed and vigilant in the face of emerging threats.
"The second you arrest one admin, three more volunteers pop up," says a senior threat intelligence analyst who spoke on condition of anonymity. "The data is already out there. The backups are on a dozen different servers in Russia, the Netherlands, and Singapore. As long as there is money to be made selling stolen identities, BreachForums or its spiritual successor will exist."
Has your organization been affected by a BreachForums leak? Conduct a Dark Web exposure audit today. Use tools like HaveIBeenPwned (for personal) or request a free threat surface scan from your security provider. Do not wait for your database to be the next top post.