BreachForums

Also known asBreachForums

BreachForums is an English-language cybercrime forum where hacked corporate databases are frequently advertised or sold. It has been used by threat actors to publicize intrusions and extortion claims, including claims related to the European Space Agency and France’s Ministry of the Interior. In the latter case, an administrator of the relaunched forum publicly claimed responsibility for the attack, said it was retaliation for the 2025 arrests of five forum moderators and administrators, and threatened to release allegedly stolen French police data. Reported aliases tied to those arrests include ShinyHunters, Hollow, Noct, Depressed, and IntelBroker. The forum has also been linked in reporting to broader cybercriminal ecosystems involving actors associated with ShinyHunters and communities overlapping with Doxbin, SIM-swapping, harassment, and extortion networks. Conor Brian Fitzpatrick, known as “Pompompurin,” was arrested in March 2023 as the alleged administrator of BreachForums.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

MITRE ATT&CK

Tradecraft

2 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

2 of 15 tactics2 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0001

Initial Access

1 technique

T1195

Supply Chain Compromise

TA0040

Impact

1 technique

T1657

Financial Theft

IOCS

Observables

4 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting. View more in app.

4 IOCsView more in app

IOC values are gated. View more in Mallory for domains, IPs, hashes, and other artifacts, or pipe them straight into your SIEM.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app

data breaches netNews

Jan 2, 2026

European Space Agency confirms breach of “external servers”

BreachForums is a well-known hacking forum where threat actors often claim responsibility for breaches and leak stolen data. In this case, a threat actor on BreachForums claimed to have breached European Space Agency servers.

bleeping computerNews

Dec 17, 2025

France arrests suspect tied to cyberattack on Interior Ministry

BreachForums is known for facilitating and conducting cyberattacks, data breaches, and extortion campaigns. In this incident, they claimed responsibility for breaching France's Ministry of the Interior, allegedly stealing data on over 16 million people and threatening to release it unless the government negotiates.

osint team blogNews

Nov 27, 2025

OSINT-Related Articles, 20251126

BreachForums is an underground forum used by cybercriminals, including groups like ShinyHunters, to trade and sell stolen data.

krebs on securityNews

Sep 13, 2024

The Dark Nexus Between Harm Groups and ‘The Com’ - Krebs on Security

Cybercrime forum used to sell hacked corporate databases and expose victims to extortion and post-breach monetization.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping2

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables4

Domains, IPs, and hashes tied to this actor, refreshed continuously.