Cyber Threat Actor: pompompurin
| Actor Type | Location | Known Incidents |
Hacker
|
—
|
4 incidents |
|---|
Profile
pompompurin, also known as Bleed, is a well-known threat actor recognized for compromising diverse online platforms and leaking stolen data. This hacker operates the Breached.co cybercrime forum, established after the seizure of RaidForums, positioning themselves within the data breach trading ecosystem. Their activities involve exploiting security vulnerabilities across multiple sectors, including consumer electronics, entertainment, and novelty services, with no discernible geographic focus beyond global victim distribution. While financial motives remain unconfirmed in disclosed incidents, the actor’s pattern of unauthorized data access and public disclosure aligns with objectives of disruption or notoriety rather than direct extortion.
Notable operations include the 2023 breach of Casio’s ClassPad education platform, where operational errors enabled access to customer data across 149 countries. The actor exploited an SQL injection vulnerability against ShitExpress, a fecal gifting service, exfiltrating and leaking 29,000 orders containing inflammatory messages. In 2022, pompompurin compromised Mangatoon’s Elasticsearch database via weak credentials ("password"), exposing 23 million comic platform accounts, and later threatened to leak the data. They also claimed involvement in an unverified breach of survey firm QuestionPro, alleging theft of 22 million records. Initial access consistently leveraged poor security practices—SQL injection, misconfigured databases, or weak credentials—without evidence of advanced malware or persistent tooling. The actor’s public communications emphasize breaching inadequately protected systems, sharing samples to validate claims, and leveraging forums to disseminate stolen information. No affiliations with state actors or criminal groups are explicitly cited in available reporting.
