BreachForums, a popular hacking-related forum that is on both the clear net and dark web, offers posts about how to “dox” individuals using open source intelligence (OSINT). Ironically, perhaps, some former or current BreachForums users are discovering this week that they have been doxed, and their doxes have been or will be released publicly. A list provided to DataBreaches by one of the people involved included draft doxes on almost two dozen individuals, including some past and current moderators of Breached[.]vc and BreachForums[.]st.
As of publication, the doxes of nine people have been publicly released or made available on several Telegram channels. The doxes were reportedly compiled by Telegram users https://t.me/BalkanPartyClub and https://t.me/slut.
With so many people potentially affected and with the threat actor known as “Kmeta” taking responsibility for it, DataBreaches asked him if he’d agree to answer some questions. The following exchange took place on Telegram between DataBreaches’ DissentDoe account [“DD”] and one of Kmeta’s accounts [“K”]. The interview has been lightly edited to correct typos and to save space.
The Interview
DD: Let’s start out with “who are you?” Who is taking responsibility for doxing all these people?
K: Kmeta. I am Kmeta.
DD: When I first interviewed you as “Impotent” last year, you told me that “Kmeta” was one of your monikers. Is Kmeta just you, or is Kmeta a group or….?
K: Kmeta is a group of people. The other person you have spoken to is a member of the group.
DD: Why have you doxed the specific people you have doxed?
K: No reason. We also plan to release doxes on a lot of valuable high-repped users, but there is nothing personal towards most users.
DD: You have been bad-mouthing and attacking BreachForums for more than a year now, as far as DataBreaches has noticed. Are you trying to destroy BreachForums because you see them as a competitor or for some other reason? Or aren’t you trying to destroy them?
K: The time has come that the legacy of BreachForums has to stop. Four user databases’ backups are floating around: Raidforums, Breached of Pom, and now two are floating of the copycat forum [BreachForums[.]st]. It puts many in danger. It is just awful to think about how Pom sold the 230k+ users for less than 0.01 USD per person. YES! He valued you at less than a cent.
DD: You just claimed that the owner of Breached[.]vc [Conor Fitzpatrick, aka “Pompompurin”] sold users’ data. Some readers of DataBreaches.net may be unaware of claims the data was sold for $4k (USD). Can you be more specific?
K: Yes. Pompompurin sold the data of 220k users for 4k, he valued his users at $0.01 each.
DataBreaches notes that after the owner (“Pompompurin”) of Breached[.]vc was arrested, he allegedly reached out to try to sell the user database for $4k. The database was later leaked. In discussing the alleged sale and subsequent leak of that database, the Telegram user known as “Emo” alleged:
If you are annoyed at the fact the database was leaked then here is a list of everyone involved in the circulation of the database:
https://bf.based.re/search/pompompurin
https://bf.based.re/search/dedale
https://bf.based.re/search/emo
https://bf.based.re/search/killkikes
https://bf.based.re/search/shinyhunters
https://bf.based.re/search/mary
https://bf.based.re/search/KmetaNaEvropa
https://bf.based.re/search/RoyalNavy
Significantly, perhaps, the Breached[.]vc user database wasn’t the first user database that Kmeta was involved in leaking. The RaidForums user database had previously been leaked on Exposed[.]vc.
DD: If they hadn’t already realized the risk of using BreachForums after the RaidForums database was leaked and after the Breached[.]vc user database was sold and leaked, do you really think doxing users will get them to understand that BreachForums is not a secure forum for people who are engaging in illegal activities?
K: It will not really make them understand it, they will just feel it. The point of this so-called project is to make BF untrusted. As it should be.
Note: DataBreaches will not be linking to individuals’ doxes or naming the individuals who have been doxed. Nor is DataBreaches attempting to verify the accuracy or claims of any dox. DataBreaches did ask Kmeta some general questions about the doxes, however.
DD: So how did you find the identity information and details that you included in these doxes? What sources and methods did you use?
K: I used mostly the leaked data sets. They are a piece of cake. And fun fact is some users who registered on breached[.]vc with their personal gmail and with a self hosted vpn or none tend to now change their opsec tactics in BreachForums 2, as much as they don’t realize that any time they clicked on the mouse, they left a footprint. A footprint that will stay for years online.
DD: There’s a short thread on BreachForums about the doxing in which a user called “Taken” commented: “i think lik if u werent registered 2y ago they dont rlly have much matyerial.” Is that an accurate guess?
K: They are right. Not really much material but still some material. Nothing is forever. Every database someday gets leaked, and you, my friend, can be in it. And yes, some people are newly registered. But some are such idiots that a username is enough to start with.
DD: How confident are you that you have accurately identified people in those cases where you provide real names or photos?
K: I don’t need to be confident when I see facts. It’s simple OSINT. Imagine you dipped a mouse in paint. How likely is it that there is another mouse in the paint leaving footprints?
DD: Considering I was doxed on one of the forums, and it was seriously inaccurate, it may be simple OSINT, but that doesn’t mean everyone produces an accurate dox.
K: I am sorry, but you were doxed by a clown named Sheriff, the same guy who has a hard time using FTP. Please don’t insult me.
DD: So, how hard is it to dox someone? Can you give me some sense of how long it took you to get each person’s dox?
K: For some people it takes quite a while, but for some people it takes one simple lookup with the most basic engines to get an understanding of who he is.
DD: You make it sound relatively easy. Have there been any individuals that you have found more challenging or difficult to dox?
K: Some people are quite hard to dox, but BreachForum users are especially easy because I have a really good starting point for 3-4 records on cybercrime databases, and dozens on other services or platforms.
DD: Although I see some moderators listed, the people whose doxes you have already released are not the most prominent or powerful people. Have you also doxed past and current owners as well as moderators?
K: “No comment” on who is next to be posted, but we do plan to release the doxes of many other users, including staff teams.
DataBreaches notes that info from the Breached[.vc] database was already posted on BreachForums in July for the current owner of the former and two moderators. At the time, the forum owner responded, “i already seen it , i got no thing to worry about :P”
DD: Do you have any concerns that any of the people you doxed might seek revenge on you online or offline?
K: I think they should seek revenge on the staff team, not on me. I just compile the information they left out in danger.
DD: Some of the people you doxed may be very young kids. Do you have any concerns or regrets about creating this kind of digital footprint that might follow them when they are older?
K: No, I do not.
DD: Do you have any concerns or regrets about actually outing people by their real names if it leads to the arrest of kids or young teens?
K: No, I do not.
DD: Why don’t you have any regrets or concerns about either?
K: I think you know me well enough to know that my moral compass is not really working.
DD: If someone sees what you’ve done and is now concerned for their own safety, what should they do to protect themselves — or are they just sitting ducks and there’s nothing they can do?
K: I do not know what they should do. It’s never too late for a fresh start. But I would suggest that next time, do not register on BreachForums.
DD: If someone is afraid you have doxed them and will release it, or that you may dox them, can they pay you a fee not to release their dox or to dox them?
K: Actually already as of the time of writing, two people contacted me to ask if they can be assured they won’t be posted. No, there is no way to get out of it. If you are unlucky, then you just eat what you planted.
DD: If you decline a monetary inducement not to dox or release a dox, is there anything they could do to persuade you not to dox them or to release their dox?
K: Well, it depends on the situation. And just to let your readers know, I did not ransom DataBreaches for this interview haha. If people want to contact me about their dox, they can reach me at https://kmeta[.]vc.
DD: Is there anything I haven’t asked you that you wish I had asked you?
K: No.
DD: Okay. Thank you for your time.
A Note About Kmeta
When DataBreaches interviewed Kmeta in August 2023, he made a number of claims that people thought were so outrageous that he must be a skid or larping. Since that time, DataBreaches has gotten to know a lot more about him and has been able to find media reports in his country about some of his bigger crimes. DataBreaches realizes, however, that some people will continue to be skeptical about anything he says and continue to think he’s a skid.
Whatever one thinks of Kmeta — and from what DataBreaches has learned about him over time, he was quite honest in admitting he does not have a working moral compass like most people have — at least some BreachForum users really are at risk of imminently being doxed. To young people who may be afraid that law enforcement will come knocking on their door to arrest them or raid them if they are doxed: law enforcement will not act based only on a dox posted online. That said, if you are doxed accurately with your real identity and have been linked to illegal acts that are likely to make you a target for law enforcement, you may want to consult a lawyer.
Have You Been Doxed?
As noted above, DataBreaches does not link to personally identifiable information that has been hacked or leaked. Nor is this site interested in naming people who have been doxed unless they are public figures or have already been charged by law enforcement.
That said, if you have been doxed as part of this Kmeta project and would like to share your reaction or thoughts, you can submit comments to me via this post, or via e-mail. In particular, please consider responding to the following question: Will this experience make you trust BreachForums less or even leave it, or will it have no effect or the opposite effect? Why?
Updates: This post was updated post-publication to update one of the doxers’ Telegram accounts. Alleged A/K/As were also removed from allegations made by a poster on Telegram.