BreachForums database leak exposes over 320,000 users

A database containing information on over 320,000 users of the cybercrime forum BreachForums was released to the public on January 9, 2026. BreachForums, a platform known for its frequent disappearances and reappearances, has been a prominent hub for illicit activities since the shutdown of its predecessor, RaidForums. The leaked data, described in research by Resecurity, includes user display names, email addresses, password hashes, and links to external accounts, according to HackRead.

The leaked database, containing metadata for 323,986 users, was published on shinyhunte.rs, a site previously used to host data from various corporate breaches. The dataset was accompanied by a PGP signature linked to former forum operators, suggesting its authenticity.

While BreachForums administrators claim the data originated from an unsecured directory during a restoration process in August 2025 and does not represent an active breach, the exposed information, including Argon2i password hashes and email addresses, poses identification and attribution risks for affected users. A manifesto signed by an individual named "James" was also released alongside the data, but its claims remain unverified and are likely intended to generate attention or disinformation, researchers said.

Source: HackRead