Conor Brian Fitzpatrick was sentenced to time served and 20 years of supervised release for his role as the founder and administrator of BreachForums.
Fitzpatrick, who goes by the online name “pompompurin,” was arrested in New York in March 2023 and subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on $300,000 bail and pleaded guilty to the charges in July 2023.
BreachForums is a major cybercriminal marketplace that has been facilitating the trafficking of stolen materials since March 2022. Before its closure, the site had more than 340,000 members.
Commonly stolen items on the platform include bank account information, Social Security numbers, personally identifiable information (PII), hacking tools, compromised databases and account logins for compromised online accounts of service providers and merchants.
BreachForums also advertises services that provide unauthorized access to victim systems. In total, millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies are estimated to be affected.
In addition to this, Fitzpatrick also operated a “Leak Market” that acted as a trusted middleman (i.e. escrow) between individuals on the site seeking to trade hacked or stolen data, tools, and other illicit materials.
“In addition, Fitzpatrick allegedly managed an ‘official’ database section through which BreachForums directly sold verified access to the hacked database through a ‘credit’ system managed by the platform,” the DOJ said.
Court records obtained by DataBreaches.net show Fitzpatrick’s mental health may be related to his ability to avoid prison.The day before sentencing, prosecutors respected The defendant was sentenced to 15 years in prison.
The 21-year-old is expected to serve the first two years of his sentence under house arrest surveillance equipped with a GPS location tracker and undergo mental health treatment. He was also ordered not to use the Internet for a first year and to register with the state sex offender registry in any state where he lives.
The amount of restitution Fitzpatrick must pay for the victims’ losses has not yet been determined. Fitzpatrick was jailed earlier this month for violating terms of his pre-sentence release by using an unmonitored computer and virtual private network (VPN).
Nonetheless, the seizure of these domains by law enforcement in March 2023 did not prevent illegal services from disappearing from the Internet. In November 2023, BreachForums was resurrected by the notorious ShinyHunters group, previously known for being active in Raid forums, whose downfall led to the launch of BreachForums.
