Hi Guys,

Just a quick update on last weeks article about the closing the ‘Breached’ hacking forum. In new court documents published last Friday, FBI Special Agent John Longmire revealed that the FBI had accessed the Breached database. You can read the document HERE.

All the best,



Hi Guys,

The well-known ‘Breached’ hacking forum has closed its doors after suspecting that law enforcement has accessed its servers. This article does not relate to most of our users, but it shows that even the world’s cybercriminals are vulnerable to cyber-attack. Here is what we know:

Background on the Breached Hacking Forum

  • Breached was a prominent hacking and data leak forum notorious for hosting, leaking, and selling data from compromised companies, governments, and organizations
  • The community attracted cybercriminals, ransomware gangs, data extortionists, security researchers, and those interested in the darker side of cybersecurity
  • Members were responsible for numerous high-profile breaches, including DC Health Link, Twitter, RobinHood, Acer, Activision, and more

The Arrest of Breached’s Founder and Subsequent Events

  • Breached’s founder and owner, Pompompurin, was arrested by the FBI, leaving the site in disarray
  • The remaining admin, Baphomet, took the site offline and attempted to transfer it to a more secure infrastructure

The Final Update and Shutdown

  • Baphomet planned to migrate the site to an untraceable infrastructure to maintain the community’s activities
  • The plan was then abandoned after Baphomet confirmed that ‘glowies,’ or federal agents, likely had access to Pompompurin’s machine
  • Here is the final statement:

Hello Everyone.

This will be my final update on Breached, as I’ve decided to shut it down. I’m aware this news will not please anyone, but it’s the only safe decision now that I’ve confirmed that the glowies likely have access to Poms machine.

As I said early on in all of this, anything related to production Breached infrastructure was locked down immediately – however I was kind enough to leave a few old, non-essential servers completely unchanged. One of those servers I left unchanged is an old CD from months ago that no longer hosts any CD files or configs but rather was used to just download large files from time to time.

Throughout the migration I checked to see if anything was going on that would cause concern during the migration. One of the servers checked, was the old CD server described above. It seems someone logged in on Mar 19, 1:34 EST prior to me logging into the server. Unfortunately this likely leads to the conclusion that someone has access to Poms machine. Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to login. I now feel like I’m put into a position where nothing can be assumed safe, whether its our configs, source code, or information about our users – the list is endless. This means that I can’t confirm the forum is safe, which has been a major goal from the start of this shitshow.

As for what this means now, It’s complicated. Unlike when other communities go down and everyone scatters, stupidly I will still be around. I will redirect all the Breached domains to my baph.is domain. The Telegram group and channel will remain up for now, but I will make a new Telegram group for those interested in seeing what I have planned next. I will always be willing to sign a message to prove my identity to the community.

While the community of Breached will die, I’m going to continue conversations with some of the competitor forum admins and various service operators who reached out to me over the past few days. I’m hoping to work with some of those people to build a new community, that will have the people to build a new best features of Breached, while reducing the attack surfaces we never properly addressed. As with things like this, I have no doubt our userbase may be absorbed by another community but if there is patience then I hope to bring something back that will rival any other community that can take our place.

I’ll be taking 24 hours from the sharing of this message to just rest and think. I’ll be back online to talk with everyone, and we’ll go from there. The domains for the time being shouldn’t be seized, but I’ll let the community know if any of that happens.

For now – see you space cowboy

  • – Baphomet

This development serves as a reminder that no one is immune to cybersecurity threats, and it’s essential to stay vigilant in protecting our digital lives.

As always, let me know if you need any help or advice.

All the best,

Max Roberts,
Incognito Privacy Care Team