U.S. law enforcement arrested on Wednesday a New York man believed to be Pompompurin, the owner of the BreachForums hacking forum.
According to court documents, he was charged with one count of conspiracy to solicit individuals to sell unauthorized access devices.
During the arrest, the defendant allegedly admitted that his real name was Connor Brian Fitzpatrick and that he was Pompourin, the owner of the Breach Forums cybercrime forum.
“When I arrested the defendant on March 15, 2023, he stated to me in substance and in part that: a) his name was Conor Brian FitzPatrick; b) he used the alias “pompourin,” and c) he was the owner and administrator of “BreachForums,” the data breach website referenced in the Complaint,” an FBI Special Agent John Longmire said.
Fitzpatrick was released on Thursday on a $300,000 bond and will appear in the District Court of the Eastern District of Virginia on March 24, as first reported by Bloomberg.
Until his appearance in court, the defendant has surrendered his documents and will only be allowed to travel within the Southern and Eastern Districts of New York and the Eastern District of Virginia for court purposes. He is also restricted from contacting witnesses, codefendants, or coconspirators.
While the suspected owner of BreachForums is away, a forum admin said that the site would continue to operate in its current capacity.
The admin added that they have full access to the site’s infrastructure and will continue to operate the forum.
Who is Pompompurin?
Pompompurin has been a well-known player in a cybercriminal underground devoted to breaching companies and selling or leaking stolen data through forums and social media. He was also a high-profile member of the RaidForums cybercrime forum.
After the FBI seized RaidForums in 2022, Pompourin created a new forum named ‘BreachForums’ to fill the void.
It has since become the largest data leak forum of its kind, commonly used by hackers and ransomware gangs to leak stolen data.
Last week, BreachForums was used by a threat actor to attempt to sell the personal data of U.S. politicians that was stolen in a breach on D.C. Health Link, a healthcare provider for U.S. House members, their staff, and their families.
While BreachForums became a force in cybercrime on its own, Pompompurin has also been involved in various high-profile company breaches.
These breaches include sending fake cyberattack emails using a flaw in the FBI’s Law Enforcement Enterprise Portal (LEEP), stealing customer data from Robinhood, and allegedly using a bug to confirm the email addresses of 5.4 million Twitter users.