On January 9, 2026, a database belonging to BreachForums, a infamous cybercrime and hacker discussion board accessible on each clear and the “Darkish Internet,” was launched to the general public, placing over 320,000 customers within the highlight.
BreachForums, as we all know it, is not any stranger to drama. The platform has a historical past of getting seized by legislation enforcement authorities or vanishing and reappearing. It had grow to be the go-to website for these actions after the police shut down its predecessor, RaidForums, again in 2022. In early April 2025, the discussion board immediately disappeared with out rationalization.
Whereas many suspected a police raid, Hackread.com reported on the time that the location disappeared resulting from a safety difficulty quite than a seizure. By July 2025, the discussion board was again on-line.
The Leaked Database
Resecurity, which shared its analysis with Hackread.com, discovered that the leaked file comprises data on 323,986 customers, together with their “metadata extracted from MySQL DB,” which is principally a digital footprint that would assist determine the individuals behind the screens.
The database was printed on shinyhunte.rs, a website that has beforehand hosted stolen datasets and isn’t beneficial for direct entry because of the danger of malicious content material. The identical platform has been used within the previous to leak knowledge linked to Fujifilm, GAP Inc., Vietnam Airways, Engie Sources, Qantas Airways Restricted, and Albertsons Firms, following incidents tied to a Salesforce-related compromise.
The BreachForums database was accompanied by a sound PGP signature traditionally related to earlier discussion board operators, indicating the dataset is genuine and certain originated from inner discussion board programs.
To your data, ShinyHunters is a part of a consistently shifting alliance. You may hear names like Scattered Lapsus$ Hunters or a neighborhood referred to as ‘The Com.’ These should not simply random names; they characterize a ‘supergroup’ of younger hackers who’ve joined forces to share instruments and targets.
Researchers defined in one other report that they use ShinyHunters as a broad label to “illustrate the phenomenon of involving younger IT professionals in questionable acts.” By highlighting this, they hope to warn different proficient younger individuals to keep away from these felony circles.
Hackread.com additionally independently reviewed the leaked dataset and located that, along with normal profile metadata, it comprises person show names, e-mail addresses, Argon2i password hashes, and hyperlinks to exterior accounts resembling Telegram. Whereas the passwords should not saved in plaintext, the mix of those knowledge factors should still carry identification and attribution dangers for affected customers.
Response from BreachForums
A BreachForums administrator utilizing the alias N/A responded to experiences of a database leak by claiming the uncovered knowledge originated from an outdated incident in August 2025, throughout a discussion board restoration course of following the .hn area takedown. In line with the administrator, the customers desk and the discussion board’s PGP key have been briefly saved in an unsecured listing and downloaded as soon as throughout that interval.
The admin careworn that the incident didn’t contain server compromise, database entry, or exploitation, and described present claims of an lively breach as false. They added that passwords within the dataset have been saved as Argon2i hashes, IP addresses have been largely truncated, and remaining fields consisted of publicly seen data. The discussion board mentioned all classes have been revoked on the time, and restoration procedures have since been secured.
The “James” Message Circulating With the Leak
Alongside the leaked database, a prolonged manifesto signed by a person calling himself “James” was additionally printed on shinyhunte.rs. The textual content contained dramatic claims, threats, and references to a number of cybercrime figures and teams, introduced in a extremely theatrical and ideological tone.
There isn’t any unbiased verification of the claims made within the message, and such manifestos are generally used inside underground boards to impress consideration, unfold disinformation, or confuse attribution. The looks of the textual content doesn’t verify the id of the writer or the people named and must be handled as unverified rhetoric quite than factual disclosure.
Why This Leak Issues
As we all know it, it is extremely uncommon for felony organisations to be uncovered so totally. This incident exhibits that even probably the most malicious teams might be susceptible to the identical failures they exploit in others.
Researchers famous that publicity of felony infrastructure can have a broader defensive influence than typical company breaches, as it could disrupt illicit networks and deter future recruitment. By sharing the database for unbiased evaluation, researchers hope to interrupt the cycle of cybercrime and discourage future involvement in such communities.
