Conor Brian Fitzpatrick, aka Pompompurin, the owner of popular hacking forum BreachForums (aka Breached), has pleaded guilty to charges of hacking and possession of child pornography.
According to court agreementthe maximum penalty is 40 years in prison, a fine of $750,000, and a supervised release sentence ranging from 5 years to life on charges of possession of child pornography.
“BreachForums included a ‘Marketplace’ section which was dedicated to buying and selling hacked or stolen data, tools to commit cybercrimes and other illicit items, including a ‘Leaks Market’ subsection, ” to research documents unsealed July 13 read.
“BreachForums operated as an illegal marketplace where its members could solicit to sell, sell, buy and trade hacked or stolen data and other contraband items, including stolen access devices, tools for committing cybercrimes, hacked databases and other services to gain unauthorized access to victim systems.”
During his arrest on March 15the 20-year-old confirmed after voluntarily renouncing his constitutional rights and without legal representation that his real name was Connor Brian Fitzpatrick and that he was Pompompurin, the owner of BreachForums.
Five days after Pompompurin’s arrest in Peekskill, New York, the forum’s last administrator, Baphomet, close the site due to suspicions that federal agents had gained access to the servers.
The FBI confirmed that it had access to the BreachForums database in new court documents released on the day of Fitzpatrick’s arraignment.
US law enforcement grasped Violation of Forums[.]vc clear web domain and defendant’s personal domain pompur[.]on site June 23.
DataBreaches.net was the first to report on Fitzpatrick’s guilty plea.
Pompompurin was a well-known figure within a network of cybercriminals focused on publicly leaking or selling data stolen from hacked networks of various companies.
After the withdrawal from RaidForums in 2022, he founded the BreachForums (also known as Breached), which has become a leading hub for data breaches.
The forum, at one point, claimed to have over 340,000 members and was frequented by ransomware groups and other threat actors seeking to leak stolen data online.
Prior to Fitzpatrick’s arrest, an unidentified individual attempted to sell personal data belonging to US politicians on BreachForums, data stolen during the breach of DC Health Linkthe health care provider for US House members, their families, and staff.
Pompompurin’s involvement extended to breaches by numerous prominent companies and organizations. For example, he exploited a security issue to send fake cyberattack alert emails through the FBI’s Law Enforcement Enterprise Portal (LEEP).
He also allegedly exploited a bug in Twitter’s systems. to obtain the email addresses of approximately 5.4 million users and was linked to the theft of Robinhood Customer Data in November 2021.