A threat actor known by the alias 'emo' has published the entire BreachForums v1 database, generated until late 2022, on Telegram, supposedly with the aim of allowing users to patch holes in their OPSEC (operational security).
As reported by Computer beepingemo began leaking data last weekend, first with member information (member names, email addresses and IP addresses, after they were banned from the current version of the forum).
After that, they laid out the rest, which includes a “huge amount” of additional data.
Sold by Pompompurin
“Attached you will find the complete BreachForum v1 database, all records until November 29, 2022,” Emo posted on Telegram.
“This database includes everything: private messages, threads, payment records, detailed IP logs for each user, etc. Originally, I only leaked the users table to prevent BreachForum staff from selling it behind the scenes; however, it has become apparent that so many people now have the database that its leak is inevitable.”
“This will give everyone the opportunity to review their records and correct the holes in their OPSEC.”
The file also appears to contain members’ encrypted passwords, private messages, cryptocurrency wallets used to purchase forum credits, and all posts made on the site. Cybersecurity researchers can use the messages to better understand how threat actors operate and compromise networks, while cryptocurrency wallet data can be used to link specific ransomware payments to individual criminals.
The database was apparently originally sold in July 2024 by the forum's founder, Conor Fitzpatrick, aka Pompompurin.
In early January 2024, Fitzpatrick was sentenced to 20 years of supervised release for operating the forum. The first two years of his sentence, Fitzpatrick will serve under house arrest, with a GPS tracker. He will also undergo mental health treatment. In addition, he will be banned from accessing the internet for a year and will have monitoring software installed on his devices.
