However, it was not just the data traded on the forum but also the actions of its founder that escalated the situation. Before founding the forum, Fitzpatrick was linked to other high-profile hacks, including a breach of the FBI's own law enforcement enterprise portal, which he used to send out fake cyberthreat warnings from a legitimate FBI email address.
The legal future of its founder is also now sealed. In September 2025, following an appeal by the Department of Justice, Conor Brian Fitzpatrick was resentenced to three years in federal prison after his initial sentence of time-served and 20 years of supervised release was deemed insufficient by the U.S. Court of Appeals. In a separate novel legal development, Fitzpatrick was also forced to forfeit nearly $700,000 to a health insurance company whose data was sold on his forum, marking the first time a threat actor has been named in a civil lawsuit for damages stemming from a data breach.
. Despite frequent law enforcement interventions, the site has repeatedly "resurrected" through new administrators and infrastructure. History and Origins Successor to RaidForums : BreachForums was launched in March 2022
, who eventually teamed up with the notorious extortion group ShinyHunters . Deconstructing the BreachForums Drama - Searchlight Cyber BreachForums
Perhaps the most ambitious campaign linked to BreachForums was the extortion of Salesforce customers. A collective known as "Scattered Lapsus$ Hunters," comprised of ShinyHunters and Scattered Spider, claimed to have stolen approximately one billion customer records from Salesforce. Using sophisticated vishing and social engineering attacks, the group gained access to massive datasets belonging to major corporations including . The stolen data was held for ransom, with a deadline of October 10, 2025, posted on BreachForums for the world to see.
The forum's status is highly volatile due to competing claims of takedowns and reboots:
The shutdown of BreachForums has significant implications for the dark web and the cybercrime ecosystem: However, it was not just the data traded
Flash Report: BreachForums Allegedly Relaunched With New Domain
: U.S. authorities and international partners have seized BreachForums' domains and servers multiple times, including major operations in 2023, 2024, and late 2025 Infrastructure Shifts
To understand BreachForums, one must first look at its predecessor. In early 2022, international law enforcement, led by the FBI, successfully dismantled , a massive cybercrime community that had operated for years with relative impunity. When the owner of RaidForums was arrested in the United Kingdom, a void opened up in the English-speaking cybercriminal underground—a void that was quickly filled. In September 2025, following an appeal by the
: It gained notoriety for hosting data from massive breaches, including companies like (70 million users) and alleged leaks from Ticketmaster (560 million users). Stolen Datasets : As of mid-2025, the forum offered access to over 14 billion individual records
The forum's primary draw is its vast collection of stolen datasets containing Personal Identifying Information (PII) like social security numbers, bank details, and account credentials from major global companies .
By understanding the risks and taking proactive measures, individuals and organizations can reduce their exposure to the threats posed by BreachForums and other dark web platforms.
The demise of BreachForums sent shockwaves through the dark web community, with several consequences:
The site's administrators took steps to ensure the security and anonymity of their users, implementing measures such as two-factor authentication, encryption, and a strict verification process for sellers. These efforts aimed to build trust among users and prevent law enforcement from infiltrating the platform.