CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

BreachForums Administrator Fitzpatrick Resentenced to Three Years in Prison

First reported
Last updated
3 unique sources, 4 articles

Summary

Hide ▲

Conor Brian Fitzpatrick, alias Pompompurin, the administrator of the BreachForums hacking forum, has been resentenced to three years in prison. Fitzpatrick was initially sentenced to time served and 20 years of supervised release, but this was overturned due to violations of pretrial release conditions. BreachForums was a significant platform for trading and selling stolen data and access to corporate networks. Fitzpatrick's resentencing follows his guilty pleas to charges of conspiracy to commit access device fraud, solicitation for the purpose of offering access devices, and possession of child sexual abuse material (CSAM). The forum's activities included the sale and trade of stolen data from various sectors, including telecom providers, social networks, healthcare companies, investment firms, and government agencies. Fitzpatrick agreed to forfeit over 100 domain names, a dozen electronic devices, and cryptocurrency used in the operation of BreachForums. The U.S. Court of Appeals for the Fourth Circuit vacated Fitzpatrick's prior sentence on January 21, 2025. BreachForums had over 14 billion individual records at its peak and was relaunched multiple times despite efforts to shut it down. The original BreachForums database was leaked in July 2024, exposing members' information. ShinyHunters claimed the forum was compromised and under the control of international law enforcement in August 2025. The copycat forum went offline in September 2025, stating they have "decided to go dark" along with 14 other e-crime groups. The latest incarnation of BreachForums suffered a data breach, with its user database table leaked online. The leaked database contains 323,988 member records, including display names, registration dates, IP addresses, and other internal information. Most of the IP addresses in the leaked database map back to a local loopback IP address (127.0.0.9), but 70,296 records contain public IP addresses. The last registration date in the leaked user database is from August 11, 2025, the same day the previous BreachForums at breachforums[.]hn was closed. The current BreachForums administrator, known as "N/A," acknowledged the breach, stating that a backup of the MyBB user database table was temporarily exposed in an unsecured folder and downloaded only once. The breachforums[.]hn domain was seized by law enforcement in October 2025 after it was repurposed to extort companies impacted by the widespread Salesforce data theft attacks conducted by the ShinyHunters extortion group. A website named after the ShinyHunters hacking collective, shinyhunte[.]rs, released a Zip archive, "breachedforum.7z," containing the SQL database, alongside a lengthy message and a PGP key. The security firm Resecurity urged anyone interested in the database to download it from its own site, as other sources may try to booby-trap it with malware. The database includes meta-data of 323,986 users extracted from MySQL DB table named 'hcclmafd2jnkwmfufmybb_users' relevant to MyBB, an open source forum software. The database could be acquired as a result of a web application vulnerability in a CMS or through possible misconfiguration. Some of the records identified in the database are definitely authentic and can be cross-checked with other sources regarding specific actors. Some records have been edited, removed, or contain non-existent information (for example, replaced on IP 127.0.0.9), which is likely an OPSEC measure taken by the actors administering it. The manifesto accompanying the database names several individuals and potential aliases: Dorian Dali (Kams), Ojeda Nahyl (N/A, Indra) and MANA (Mustapha Usman). The current administrator of BreachForums, "N/A," posted a message to the forum, claiming "James" is a former member of ShinyHunters.

Timeline

  1. 17.09.2025 09:20 3 articles · 3mo ago

    BreachForums had over 14 billion individual records at its peak

    The forum was relaunched multiple times despite efforts to shut it down. The original BreachForums database was leaked in July 2024, exposing members' information. ShinyHunters claimed the forum was compromised and under the control of international law enforcement in August 2025. The copycat forum went offline in September 2025, stating they have "decided to go dark" along with 14 other e-crime groups. The latest incarnation of BreachForums suffered a data breach, with its user database table leaked online. The leaked database contains 323,988 member records, including display names, registration dates, IP addresses, and other internal information. Most of the IP addresses in the leaked database map back to a local loopback IP address (127.0.0.9), but 70,296 records contain public IP addresses. The last registration date in the leaked user database is from August 11, 2025, the same day the previous BreachForums at breachforums[.]hn was closed. The current BreachForums administrator, known as "N/A," acknowledged the breach, stating that a backup of the MyBB user database table was temporarily exposed in an unsecured folder and downloaded only once. The breachforums[.]hn domain was seized by law enforcement in October 2025 after it was repurposed to extort companies impacted by the widespread Salesforce data theft attacks conducted by the ShinyHunters extortion group. A website named after the ShinyHunters hacking collective, shinyhunte[.]rs, released a Zip archive, "breachedforum.7z," containing the SQL database, alongside a lengthy message and a PGP key. The security firm Resecurity urged anyone interested in the database to download it from its own site, as other sources may try to booby-trap it with malware. The database includes meta-data of 323,986 users extracted from MySQL DB table named 'hcclmafd2jnkwmfufmybb_users' relevant to MyBB, an open source forum software. The database could be acquired as a result of a web application vulnerability in a CMS or through possible misconfiguration. Some of the records identified in the database are definitely authentic and can be cross-checked with other sources regarding specific actors. Some records have been edited, removed, or contain non-existent information (for example, replaced on IP 127.0.0.9), which is likely an OPSEC measure taken by the actors administering it. The manifesto accompanying the database names several individuals and potential aliases: Dorian Dali (Kams), Ojeda Nahyl (N/A, Indra) and MANA (Mustapha Usman). The current administrator of BreachForums, "N/A," posted a message to the forum, claiming "James" is a former member of ShinyHunters.

    Show sources
    Open in new tab
  2. 17.09.2025 00:38 2 articles · 3mo ago

    BreachForums Administrator Fitzpatrick Resentenced to Three Years in Prison

    Fitzpatrick pleaded guilty to charges related to access device fraud, solicitation, and possession of CSAM. The U.S. Court of Appeals for the Fourth Circuit vacated his prior sentence on January 21, 2025. Fitzpatrick agreed to forfeit over 100 domain names, a dozen electronic devices, and cryptocurrency used in the operation of BreachForums.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Cyberattack on French Interior Ministry Email Servers

The French Interior Ministry confirmed a cyberattack on its email servers, detected between December 11 and 12, 2025. The breach allowed unauthorized access to document files, though data exfiltration remains unconfirmed. The ministry has tightened security protocols and launched an investigation to determine the origin and scope of the attack. Possible motives include foreign interference, activism, or cybercrime. On December 17, 2025, a 22-year-old suspect was arrested in connection with the attack. The suspect is accused of unauthorized access to an automated personal data processing system as part of an organized group. Investigations are being conducted by OFAC, France's Office for Combating Cybercrime. A BreachForums admin claimed responsibility for the attack, alleging it was in revenge for the arrests of forum moderators and admins. The forum post claims that data on 16,444,373 people from France's police records was stolen. In April 2025, France attributed a widespread hacking campaign to APT28, a group linked to Russia's GRU, targeting various French entities.

Open in new tab

Marquis Software Solutions Ransomware Attack Exposes Data from 74 US Financial Institutions

Marquis Software Solutions, a financial software provider, suffered a ransomware attack on August 14, 2025, through a compromised SonicWall firewall. The breach impacted over 74 US banks and credit unions, exposing personal information of approximately 400,000 customers. The stolen data includes names, addresses, phone numbers, Social Security numbers, financial account information, and dates of birth. Marquis has since taken steps to enhance its security measures, but there is no evidence of data misuse or publication. The attack is suspected to be linked to the Akira ransomware gang, which has been targeting SonicWall VPN devices.

Open in new tab

Mixpanel Data Breach Exposes OpenAI API User Information

OpenAI has disclosed that a data breach at Mixpanel, a third-party analytics provider, exposed limited customer identifiable information and analytics data of some OpenAI API users. The breach occurred between November 9 and 25, 2025, and resulted from a smishing (SMS phishing) campaign detected on November 8, 2025. Affected data includes names, email addresses, approximate locations, operating systems, browsers, referring websites, and organization or user IDs associated with API accounts. OpenAI has removed Mixpanel from its services and is conducting additional security reviews across its vendor ecosystem. The company is notifying potentially affected users and advising them to be vigilant against phishing and social engineering attacks. OpenAI emphasized that no chat content, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised. CoinTracker, a cryptocurrency portfolio tracker and tax platform, has also been impacted, with exposed data including device metadata and limited transaction count.

Open in new tab

ShinyHunters Breach Affects Checkout.com Legacy Cloud Storage

Checkout.com, a global payment processing firm, disclosed a data breach involving a legacy cloud storage system compromised by the ShinyHunters threat group. The breach affected less than 25% of its current merchant base and included data from 2020 and earlier. The company refused to pay the ransom and instead plans to donate the amount to cybersecurity research at Carnegie Mellon University and the University of Oxford Cyber Security Center. The compromised data includes internal operational documents and onboarding materials. ShinyHunters is known for exploiting vulnerabilities and using social engineering tactics to extort large organizations.

Open in new tab

Unauthenticated access vulnerability in Oracle E-Business Suite Configurator

A critical vulnerability in Oracle E-Business Suite (EBS) allows unauthenticated attackers to access sensitive data via HTTP. The flaw, CVE-2025-61884, affects versions 12.2.3 through 12.2.14 and has a CVSS score of 7.5. CISA has confirmed that the vulnerability is being exploited in attacks and has added it to its Known Exploited Vulnerabilities catalog. Oracle has issued an emergency security update and patch, but exploitation in the wild has been reported. The vulnerability is in the Runtime UI component and could lead to unauthorized access to critical data. Oracle has silently fixed the vulnerability after it was actively exploited and a proof-of-concept exploit was leaked by the ShinyHunters extortion group. This development follows recent disclosures of zero-day exploitation in EBS software, attributed to a group with ties to the Clop ransomware group. The Clop group has been involved in major data theft campaigns targeting zero-days in Accellion FTA, GoAnywhere MFT, Cleo, and MOVEit Transfer.

Open in new tab