Breachforums [exclusive] -

In January 2022, the hammer fell. The FBI, working with international law enforcement agencies, seized RaidForums and arrested Sarmento. For a moment, the cybercriminal ecosystem was fractured. But nature abhors a vacuum, and the digital underground abhors a power vacuum even more. Just weeks after the seizure of RaidForums, a new forum appeared. Its design was a near-identical clone of RaidForums, right down to the color scheme and user ranking system. It was called BreachForums , and its new administrator went by the handle "pompompurin."

This article explores the history of BreachForums, its predecessor RaidForums, the figurehead behind the chaos, and the eventual seizure of the platform by the FBI. To understand BreachForums, one must first understand its predecessor: RaidForums . BreachForums

Launched in 2015, RaidForums began as a space for "raiding"—coordinated harassment campaigns against online communities. However, under the leadership of its administrator, a Portuguese national named Diomedes Sarmento (known online as "Omnipotent"), the site pivoted. It became the premier clearinghouse for stolen data. In January 2022, the hammer fell

RaidForums democratized cybercrime. Before its rise, buying and selling stolen databases often required vetting on exclusive forums like Exploit or XSS. RaidForums lowered the barrier to entry. It operated on the clear web (accessible via standard browsers) and used an escrow system that gave low-level criminals the confidence to buy millions of user records without fear of being scammed. But nature abhors a vacuum, and the digital

The name was derived from a Sanrio character, a seemingly innocent choice that belied the administrator's alleged malice. Pompompurin quickly established a reputation for being both capable and erratic.

Serving as a bustling digital bazaar for stolen data, BreachForums was not just a website; it was a phenomenon. It represented a shift in how cybercriminals operated, moving away from secretive, invite-only communities to a public, accessible, and chaotic marketplace where data breaches were treated as commodities.

In the shadowy recesses of the internet, far removed the indexed webpages of Google and Bing, lies the dark web—a haven for illicit activity, whistleblower platforms, and underground marketplaces. For years, one name echoed louder than most among cybersecurity researchers, threat intelligence analysts, and cybercriminals alike: BreachForums .