BreachForums owner Pompompurin pleads guilty to hacking charges

Conor Brian Fitzpatrick, aka Pompompurin, the owner of the notorious BreachForums (aka Breached) hacking forum, has pleaded guilty to hacking and child pornography possession charges.

According to the plea agreement, the maximum penalty is 40 years of imprisonment, a fine of $750,000, and a supervised release term ranging from 5 years to life attached to the child pornography possession charges.

"BreachForums included a 'Marketplace' section that was dedicated to the buying and selling of hacked or stolen data, tools for committing cybercrime, and other illicit material, including a 'Leaks Market' subsection," court documents unsealed on July 13th read.

"BreachForums operated as an illegal marketplace where its members could solicit for sale, sell, and purchase and trade hacked or stolen data and other contraband, including stolen access devices, tools for committing cybercrime, breached databases, and other services for gaining unauthorized access to victim systems."

During his arrest on March 15th, the 20-year-old confirmed after voluntarily relinquishing his constitutional rights and without legal representation that his real name was Connor Brian Fitzpatrick and that he was Pompompurin, the owner of the BreachForums.

Five days after Pompompurin's apprehension in Peekskill, New York, the remaining forum administrator, Baphomet, shut down the site because of suspicions that federal agents had obtained access to the servers.

The FBI confirmed they had access to BreachForums' database in new court documents released on the day of Fitzpatrick's arraignment.

U.S. law enforcement seized BreachForums' breached[.]vc clear web domain and the defendant's personal domain pompur[.]in on June 23rd.

DataBreaches.net was the first to report on Fitzpatrick’s guilty plea.

Pompompurin?

Pompompurin was a well-known figure within a cybercriminal underground focused on publicly leaking or selling data stolen from the hacked networks of various companies.

After the takedown of RaidForums in 2022, he founded the BreachForums (also known as Breached), which emerged as a prominent hub for data leaks.

The forum, at one point, claimed to have over 340,000 members and was frequented by ransomware groups and other threat actors seeking to leak stolen data online.

Before Fitzpatrick's arrest, an unidentified individual attempted to sell personal data belonging to U.S. politicians on BreachForums, data stolen during the breach of D.C. Health Link, the healthcare provider for U.S. House members, their families, and staff.

Pompompurin's involvement extended to breaches of numerous high-profile companies and organizations. For instance, he exploited a security issue to send fake cyberattack alert emails through the FBI's Law Enforcement Enterprise Portal (LEEP).

He also allegedly exploited a bug within Twitter's systems to obtain the email addresses of roughly 5.4 million users and was linked to the theft of Robinhood customer data in November 2021.