The most recent incarnation of the infamous BreachForums hacking discussion board has suffered an information breach, with its person database desk leaked on-line.
BreachForums is the title of a sequence of hacking boards used to commerce, promote, and leak stolen information, in addition to promote entry to company networks and different unlawful cybercrime companies.
The location was launched after the primary of those boards, RaidForums, was seized by regulation enforcement, with the proprietor, “All-powerful”, arrested.
Whereas BreachForums has suffered information breaches and police actions in the previous, it has been repeatedly relaunched underneath new domains, with some accusing it of now being a honeypot for regulation enforcement.
Yesterday, an internet site named after the ShinyHunters extortion gang launched a 7Zip archive named breachedforum.7z.
This archive comprises three recordsdata named:
- shinyhunte.rs-the-story-of-james.txt
- databoose.sql
- breachedforum-pgp-key.txt.asc
A consultant of the ShinyHunters extortion gang instructed BleepingComputer they don’t seem to be affiliated with the location that distributed this archive.
The archive’s ‘breachedforum-pgp-key.txt.asc’ file is the PGP non-public key created on July 25, 2023, and utilized by BreachForums to signal official messages from the directors. Whereas the important thing has been leaked, it’s passphrase-protected, and with out the password, it could possibly’t be abused to signal messages.
Supply: BleepingComputer
The “databoose.sql” file is a MyBB customers database desk (mybb_users) containing 323,988 member data that embrace member show names, registration dates, IP addresses, and different inner info.
BleepingComputer’s evaluation of the desk exhibits that the majority of the IP addresses map again to an area loopback IP handle (0x7F000009/127.0.0.9), so they don’t seem to be of a lot use.
Nevertheless, 70,296 data don’t comprise the 127.0.0.9 IP handle, and the data we examined map to a public IP handle. These public IP addresses may very well be an OPSEC concern for these folks and useful to regulation enforcement and cybersecurity researchers.
The final registration date within the newly leaked person database is from August 11, 2025, which is similar day that the earlier BreachForums at breachforums[.]hn was closed. This shutdown adopted the arrest of a few of its alleged operators.
That very same day, a member of the ShinyHunters extortion gang posted a message on the “Scattered Lapsus$ Hunters” Telegram channel, claiming the discussion board was a law-enforcement honeypot. The BreachForums directors subsequently denied these allegations.
The breachforums[.]hn area was later seized by regulation enforcement in October 2025 after it was repurposed to extort firms impacted by the widespread Salesforce information theft assaults performed by the ShinyHunters extortion group.
The present BreachForums administrator, often called “N/A,” has acknowledged the brand new breach, stating {that a} backup of the MyBB person database desk was quickly uncovered in an unsecured folder and downloaded solely as soon as.
“We wish to handle latest discussions relating to an alleged database leak and clearly clarify what occurred,” N/A wrote on BreachForums.
“To begin with, this isn’t a latest incident. The info in query originates from an outdated users-table leak relationship again to August 2025, throughout the interval when BreachForums was being restored/recovered from the .hn area.”
“In the course of the restoration course of, the customers desk and the discussion board PGP key had been quickly saved in an unsecured folder for a really brief time period. Our investigation exhibits that the folder was downloaded solely as soon as throughout that window,” continued the administrator.
Whereas the administrator mentioned that BreachForums members ought to use disposable e-mail addresses to cut back threat and that the majority IP addresses mapped to native IPs, the database nonetheless comprises info that may very well be of curiosity to regulation enforcement.
It is funds season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the yr forward. This report compiles their insights, permitting readers to benchmark methods, establish rising tendencies, and examine their priorities as they head into 2026.
Learn the way prime leaders are turning funding into measurable affect.
