The original founder and administrator of BreachForums, one of the most prolific English-speaking cybercrime platforms in recent years, has been resentenced to three years in federal prison.
Conor Brian Fitzpatrick, 22, also known online as “Pompompurin,” had previously received a controversial sentence of time served, but this was overturned earlier this year by a federal appeals court.
The resentencing follows a decision by the US Court of Appeals for the Fourth Circuit in January 2025 to vacate Fitzpatrick’s initial sentence of 17 days, citing the severity and scale of his crimes. Fitzpatrick pleaded guilty to three felony charges: access device conspiracy, access device solicitation, and possession of child sexual abuse material (CSAM). In addition to the prison term, he forfeited over 100 domain names, cryptocurrency linked to his illicit profits, and multiple electronic devices used to operate the platform.
BreachForums was launched in March 2022 as a successor to RaidForums, a major data-leak marketplace that was dismantled by law enforcement just a month prior. Within months, BreachForums rose to prominence, amassing over 330,000 members and positioning itself as a go-to marketplace for buying and selling hacked databases, stolen credentials, and other forms of digital contraband. The forum became notorious for hosting access to over 888 stolen datasets, collectively comprising more than 14 billion individual records.
Many of these databases contained sensitive personal and commercial information from high-profile data breaches. Victims included users of major US telecommunications firms, healthcare providers, investment platforms, and even government-linked organizations. One breach exposed the data of approximately 200 million users of a large US-based social media platform, while another targeted InfraGard, a public-private partnership between the FBI and private sector critical infrastructure providers, compromising data on nearly 88,000 members.
The Department of Justice described Fitzpatrick as personally profiting from the mass sale of compromised personal data and emphasized the immeasurable harm caused by his possession of CSAM. “These crimes were so extensive that the damage is difficult to quantify,” stated US Attorney Erik S. Siebert, while the FBI reiterated its commitment to pursuing both the administrators and users of such forums.
Fitzpatrick operated BreachForums until his arrest in March 2023, after which a new group of administrators, including “ShinyHunters” and “IntelBroker,” took over the platform and re-established its presence under new domains. Despite the FBI’s seizure of infrastructure in May 2024, the forum continued to operate in a fragmented form until June 2025, when French authorities arrested five individuals believed to be part of the forum’s leadership. The arrests, coordinated by the Brigade de lutte contre la cybercriminalité (BL2C), targeted figures operating under aliases such as “ShinyHunters,” “Noct,” “Depressed,” and “Hollow,” effectively dismantling the forum’s second-generation leadership.
Leave a Reply