17/69 Monday, January 12, 2026
The well-known hacking forum BreachForums, a platform used for buying, selling, and sharing stolen data—as well as trading access to corporate networks and other cybercrime services-has suffered a data breach, with its user database table leaked online. The incident affects the latest incarnation of BreachForums, which has been repeatedly taken down by law enforcement in the past but continues to resurface under new domains. The forum emerged after its predecessor, RaidForums, was seized and its administrator arrested, and it has frequently been suspected of operating as a potential law-enforcement honeypot.
The leaked data was published via a website bearing the name of the ransomware group ShinyHunters, packaged in a 7-Zip archive. The archive contains several notable files, including a MyBB user table dump (databoose.sql), a private PGP key used to sign official forum communications, and additional supporting text files. Analysis shows that the mybb_users table contains 323,988 user records, including display names, registration dates, IP addresses, and other internal metadata. While many of the IP addresses resolve to internal loopback addresses (127.0.0.9), which offer limited investigative value, at least 70,296 records are linked to public IP addresses, raising operational security (OPSEC) concerns for users and providing potentially valuable leads for law-enforcement agencies and cybersecurity researchers.
The current BreachForums administrator, operating under the alias “N/A,” has acknowledged the incident, stating that the data is old, dating back to August 2025, and was exposed during a system recovery process from the previous .hn domain. According to the statement, the user table and PGP key were temporarily stored in an unprotected directory and were downloaded only once within a short time window. However, despite the PGP key being passphrase-protected, some of the leaked user data remains sensitive and could aid ongoing investigations. Following the disclosure, additional reports emerged claiming that the PGP key passphrase itself had been exposed, a claim later confirmed by independent researchers-further undermining the credibility and trustworthiness of communications originating from the forum.
