The latest version of the BreachForums hacking forum has suffered a data breach, with a database containing hundreds of thousands of user records leaked online.
BreachForums is a well-known name in the cybercrime world, used to buy, sell, and leak stolen data, as well as trade access to compromised corporate networks and other illegal services.
BreachForums emerged after the takedown of RaidForums, a predecessor platform that was seized by law enforcement and led to the arrest of its operator, known online as “Omnipotent.” Since then, BreachForums has been shut down, breached, and relaunched multiple times under different domains, fueling speculation that newer versions may be under law enforcement surveillance.
The latest leak surfaced after a website named after the ShinyHunters extortion group published a 7Zip archive titled breachedforum.7z. The archive contains three files: a text file referencing ShinyHunters, a SQL database file named databoose.sql, and a file containing BreachForums’ PGP private key. A representative of the ShinyHunters group told BleepingComputer they are not affiliated with the site that shared the archive.
The leaked PGP file is the private key used by BreachForums administrators to sign official messages. The key was created in July 2023 and is passphrase-protected, meaning it cannot be used to impersonate administrators without the password. However, an update later revealed that the passphrase was also posted online, and independent researchers confirmed it works for the leaked key.
More concerning is the databoose.sql file, which contains a MyBB users table with 323,988 user records. The data includes usernames, registration dates, IP addresses, and other internal account details. Analysis of the database shows that most records list a local loopback IP address, making them largely unhelpful. However, more than 70,000 accounts contain public IP addresses, which could pose operational security risks for users and may be valuable to law enforcement or cybersecurity researchers.
The most recent registration date in the leaked database is August 11, 2025. That date matches the shutdown of a previous BreachForums domain following the arrest of individuals believed to be involved in running the site. On the same day, a ShinyHunters member publicly claimed the forum was a law enforcement honeypot, a claim the administrators denied at the time.
The BreachForums domain was later seized by authorities in October 2025 after being used to extort companies affected by large-scale Salesforce data theft attacks linked to ShinyHunters.
The current BreachForums administrator, who goes by “N/A,” has acknowledged the leak. According to the administrator, the exposed data came from an old backup created during restoration efforts in August 2025. The backup was briefly stored in an unsecured folder and, based on their investigation, downloaded only once before being removed.
Despite reassurances that many IP addresses point to local systems and that users should rely on disposable email addresses, the leaked database still contains information that could have serious consequences for forum members.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
(via Bleepingcomputer)
