Lost in Transition: A Timeline of Failed Successors to Breach and Raid Forums

Flashpoint analysis reveals the volatile lifecycle of illicit data breach forums following law enforcement takedowns of Raid and Breach Forums. Key administrators, including Conor Brian Fitzpatrick (pompompurin), were arrested, triggering a race among successors like PwnedForum and Exposed to fill the void. These platforms faced internal conflict, operational security failures, and retaliatory hacks, notably by OnniForums, exposing thousands of user credentials. Established collectives like ShinyHunters attempted to launch new venues, highlighting the resilience of cybercriminal ecosystems despite enforcement actions. The trafficking of compromised data continues to pose significant risks to organizations and individuals. Threat intelligence teams should monitor these transitioning spaces for leaked credentials and emerging threat actor collaborations. Understanding this ecosystem is vital for anticipating data leakage trends and mitigating risks associated with illicit marketplaces.

The legacy of Raid, Breach, and their 'successors' provides an important lens into how data breach communities function and the real-life implications of the information they traffic The post Lost in Transition: A Timeline of Failed Successors to Breach and Raid Forums appeared first on Flashpoint .

Flashpoint analysis reveals the volatile lifecycle of illicit data breach forums following law enforcement takedowns of Raid and Breach Forums. Key administrators, including Conor Brian Fitzpatrick (pompompurin), were arrested, triggering a race among successors like PwnedForum and Exposed to fill the void. These platforms faced internal conflict, operational security failures, and retaliatory hacks, notably by OnniForums, exposing thousands of user credentials. Established collectives like ShinyHunters attempted to launch new venues, highlighting the resilience of cybercriminal ecosystems despite enforcement actions. The trafficking of compromised data continues to pose significant risks to organizations and individuals. Threat intelligence teams should monitor these transitioning spaces for leaked credentials and emerging threat actor collaborations. Understanding this ecosystem is vital for anticipating data leakage trends and mitigating risks associated with illicit marketplaces. The legacy of Raid, Breach, and their 'successors' provides an important lens into how data breach communities function and the real-life implications of the information they traffic The post Lost in Transition: A Timeline of Failed Successors to Breach and Raid Forums appeared first on Flashpoint . Blogs Blog Lost in Transition: A Timeline of Failed Successors to Breach and Raid Forums The legacy of Raid, Breach, and their ‘successors’ provides an important lens into how data breach communities function and the real-life implications of the information they traffic SHARE THIS: Flashpoint Intel Team July 5, 2023 Table Of Contents Table of Contents Race to the bottom Timeline More subscribe to our newsletter Race to the bottom Starting June 24, 2023, visitors to the former domain of Raid Forums were greeted by the avatar of arrested administrator “pompompurin” in tiny handcuffs—an unprecedented trolling of sorts by authorities. Pompompurin, whose real name is Conor Brian Fitzpatrick , became a highly reputable threat actor on the now-defunct top-tier hacking forum Raid Forums and upon its shutdown, founded Breach Forums. Breach Forums continued the legacy of Raid Forums, both as a fixture among the data breach communities and as a law enforcement target. The founder and administrator of Raid Forums, Diogo Santos Coelho (aka “omnipotent), was arrested on January 31, 2022. Fitzpatrick, who has been operating on English- and Russian-language forums under the pompompurin moniker since at least October 2020, was arrested by federal agents on March 15, 2023. Now, both Raid Forums and Breach Forums are no more . And ever since their seizures, other threat actors , some of whom were involved in the Breach and Raid, have attempted to continue their legacies in the purpose and services they provide. But it has thus far been a race to the bottom. Insight into the illicit spaces where cyber threat actors operate is vital to any threat intelligence operation. The legacy of Raid, Breach, and their “successors” provides an important lens into how data breach communities function and the real-life implications of the information they traffic. Related reading Another One Bites the Dust: The (Apparent) End of Breach Forums Read now Timeline Here is a summary of the recent events that we have observed within cybercriminal communities related, in some way, to Breach Forums and its legacy as a popular home for threat actors. March 17, 2023 : Breach Forums administrator “baphomet” decides to shut down the forum following the March 15 arrest of administrator pompompurin. The Washington Post included Flashpoint analysis in its March 22 coverage on the end of Breach Forums. March 29, 2023 : PwnedForum, an identically formatted clone of Breach Forums, launches and quickly gains users and shares compromised data. The forum’s creator, “Sinistery,” solicited forum administrators and developers to volunteer to operate the site. However, the forum was quickly shut down on April 4, 2023 , following a disagreement between Sinistery and forum administrators. A message attempting to sell PwnedForum was briefly advertised on the website before closing. One of the forum’s former main administrators, “Frost,” stated that they were working on a new forum separate from PwnedForum, though they did not provide a timeline. May 29, 2023 : “Impotent,” the forum administrator Exposed, leaks the database of 478,870 Raid Forums users. June 4, 2023 : PwnedForums posted on Telegram that the notorious leak collective, ShinyHunters, is launching a forum with former Breach Forums admins. Also on June 4, a user posted an advertisement for the Exposed forum, calling it the “new” Breach Forums and inviting the Russian hacktivist collective Killnet to join the forum. June 12, 2023 : ShinyHunters launches a new forum called Breach Forums—eponymous by name only. That very same day, Exposed Forums shut down. Its founders, “Impotent” and “Purism,” share that they will no longer support...