Hacking hub BreachForums hit by data breach - 324,000 accounts exposed

News
By published

Names and IP addresses of BreachForums users apparently leaked

hacker hands at work with interface around
(Image credit: Shutterstock)
  • BreachForums user database (323,988 records) leaked, exposing usernames, registration dates, and IP addresses
  • Around 70,000 public IPs could help identify real users; most entries were useless loopback addresses
  • Admin confirmed leak stemmed from August 2025 restoration; ShinyHunters denied involvement in hosting site

Someone has leaked the entire list of usernames, IP addresses, and other data, from BreachForums, the infamous underground hacking community - but exactly who, and why, remains to be seen.

A website named after the ShinyHunters ransomware operator recently emerged online, being used to host a 7Zip archive titled breachedforum.7z.

This archive contained a few files, including a database table with 323,988 member records, which contained member display names, the dates of registration, IP addresses, and other internal information.

ShinyHunters denies involvement

While user accounts don’t mean much for researchers or law enforcement - IP addresses just might. Most of them map back to a local loopback IP address (0x7F000009/127.0.0.9), BleepingComputer reported, saying they “are not of much use”.

Still, just above 70,000 addresses do not contain the 127.0.0.9 IP address, and map to a public IP address, which means they could, in theory, be used to identify actual people behind the usernames.

The forum’s administrator confirmed the breach, saying that a backup of the MyBB user database table was temporarily exposed to the internet and downloaded just once.

"First of all, this is not a recent incident. The data in question originates from an old users-table leak dating back to August 2025, during the period when BreachForums was being restored/recovered from the .hn domain,” they said.

"During the restoration process, the users table and the forum PGP key were temporarily stored in an unsecured folder for a very short period of time. Our investigation shows that the folder was downloaded only once during that window," they added.

Who leaked the data also remains a mystery. The ShinyHunters group denied any involvement and said they have nothing to do with the website that was propped up in their name. When BreachForums was restored last summer, after a law enforcement raid, this group said the forum was now a honeypot built by the police, to trap other hackers and cybercriminals.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.