Concise Cyber

BreachForums Seized: Inside ‘Operation ACHO,’ the Global Takedown of a Top Cybercrime Hub

In a significant victory for global cybersecurity, the notorious hacking marketplace BreachForums has been dismantled by an international law enforcement coalition. The operation, codenamed “Operation ACHO,” saw the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), alongside international partners, seize the forum’s domains and infrastructure, effectively shutting down a primary hub for the trade of stolen data.

The takedown notice, which replaced the site’s usual login page, prominently features the seals of the FBI and DOJ. It states that the site was taken down and that its backend data is now in the possession of law enforcement. This seizure marks the second time in just over a year that the FBI has taken down a version of the illicit forum, underscoring a persistent and coordinated effort to disrupt the cybercrime ecosystem.

What Was BreachForums?

BreachForums emerged as the de facto successor to RaidForums, another prolific hacking forum that was dismantled by authorities in 2022. It quickly became the go-to marketplace for cybercriminals looking to buy, sell, and trade massive databases of stolen information. This data often included sensitive personally identifiable information (PII), such as names, email addresses, passwords, financial details, and government records, pilfered from countless corporations and government agencies worldwide.

The forum was operated by a series of administrators, most famously Conor Brian Fitzpatrick, known by his alias “Pompompurin,” who was arrested in March 2023. Following his arrest, the site was briefly shut down but was later revived under new leadership, including an individual known as “Baphomet.” This latest takedown under Operation ACHO appears to be a more comprehensive dismantling, targeting not just the public-facing domains but also the core infrastructure and its current operators.

The Takedown: How ‘Operation ACHO’ Unfolded

Operation ACHO represents a meticulously coordinated international effort. The seizure notice itself confirms that the operation involved law enforcement agencies from multiple countries, highlighting the global nature of both the threat and the response. By seizing the forum’s backend data, authorities have gained a treasure trove of intelligence on the site’s members, their activities, and the countless data breaches they facilitated.

The investigation has already resulted in the arrest and charging of the alleged administrator known as “Baphomet”. Seizing the forum’s database, which includes user IP addresses, email addresses, and private messages, provides investigators with critical leads to identify and pursue other threat actors who used the platform. This action sends a clear message to cybercriminals: their perceived anonymity on dark web forums is not guaranteed. While the cybercrime community is resilient and will likely attempt to create new platforms, Operation ACHO serves as a powerful deterrent and a major disruption to their operations, removing a critical piece of infrastructure from the data breach economy.