BreachForums User Database Leaked, Exposing 320,000+ Accounts
On January 9, 2026, a database containing details of over 320,000 users of the cybercrime forum BreachForums was publicly released. The leaked dataset, analyzed by cybersecurity firm Resecurity, includes user display names, email addresses, password hashes (using Argon2i encryption), and links to external accounts. The data was published on shinyhunte.rs, a site previously associated with hosting corporate breach dumps.
BreachForums, a successor to the defunct RaidForums, has been a key platform for illicit activities, frequently resurfacing after takedowns. The leaked database totaling 323,986 records was accompanied by a PGP signature tied to former forum operators, lending credibility to its authenticity.
Forum administrators attributed the exposure to an unsecured directory during a restoration process in August 2025, insisting it was not the result of an active breach. However, the release of email addresses and password hashes heightens risks of user identification and potential follow-on attacks. A manifesto signed by an individual named "James" was also included, though researchers dismissed it as likely disinformation or an attempt to generate attention.
The incident underscores the persistent vulnerabilities in underground forums, even as operators attempt to downplay the severity of the leak.
Source: https://www.scworld.com/brief/breachforums-database-leak-exposes-over-320000-users
HackRead Media cybersecurity rating report: https://www.rankiteo.com/company/hackread
"id": "HAC1768252654",
"linkid": "hackread",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '323,986 users',
'industry': 'Illicit Cyber Activities',
'name': 'BreachForums',
'type': 'Cybercrime Forum'}],
'attack_vector': 'Unsecured directory during restoration process',
'data_breach': {'data_encryption': 'Passwords were hashed (Argon2i)',
'number_of_records_exposed': '323,986',
'personally_identifiable_information': 'Yes (email addresses, '
'display names, '
'external account '
'links)',
'sensitivity_of_data': 'High (PII and authentication data)',
'type_of_data_compromised': ['User display names',
'Email addresses',
'Password hashes (Argon2i)',
'External account links']},
'date_detected': '2026-01-09',
'date_publicly_disclosed': '2026-01-09',
'description': 'A database containing information on over 320,000 users of '
'the cybercrime forum BreachForums was released to the public. '
'The leaked data includes user display names, email addresses, '
'password hashes, and links to external accounts.',
'impact': {'brand_reputation_impact': 'High (for BreachForums and affected '
'users)',
'data_compromised': 'User display names, email addresses, password '
'hashes, external account links',
'identity_theft_risk': 'High (due to exposed PII and password '
'hashes)',
'systems_affected': 'BreachForums database'},
'investigation_status': 'Ongoing (authenticity claims unverified)',
'motivation': 'Likely attention-seeking or disinformation (per manifesto '
'claims)',
'post_incident_analysis': {'root_causes': 'Unsecured directory during system '
'restoration in August 2025'},
'references': [{'date_accessed': '2026-01-09', 'source': 'HackRead'},
{'date_accessed': '2026-01-09', 'source': 'Resecurity'}],
'response': {'communication_strategy': 'Administrators claimed data '
'originated from an unsecured '
'directory during restoration'},
'title': 'BreachForums User Database Leaked',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper data handling during system restoration'}