A leaked database from the infamous BreachForums site has surfaced following a falling-out among cybercriminals.
According to Infosecurity Magazine, a website linked to the ShinyHunters hacking collective published a compressed archive containing a full database dump from BreachForums on January 9, 2026. The file, titled breachedforum.7z, included SQL data for 323,986 registered users from a table tied to the forum’s MyBB forum software. Along with the database, the archive reportedly contained a lengthy message and a PGP key that may have been used by forum administrators.
Security firm Resecurity, which analyzed the leak, said the data appears to have been extracted due to a misconfiguration or application flaw, though the precise method has not been confirmed. The dataset includes usernames, email addresses, IP addresses, registration dates, and password hashes. While some IP addresses in the leak appear to be dummy data or local loopbacks, other entries could aid investigators in piecing together real identities.
According to Resecurity, “The database includes meta-data of 323,986 users extracted from MySQL DB table named ‘hcclmafd2jnkwmfufmybb_users’ relevant to MyBB, an open source forum software.” They further said that “The database could be acquired as a result of a web application vulnerability in a CMS or through possible misconfiguration… Some of the records identified in the database are definitely authentic and can be cross-checked with other sources regarding specific actors.”
BreachForums was created in 2022 as the successor to the seized RaidForums and quickly grew into a hub for trading stolen data, hacking tools, and illegal services. Over the past few years, law enforcement actions have repeatedly disrupted the site, including seizures of domains by the FBI and French police in late 2025.
Despite this, the forum has resurfaced under different operators, including groups tied to ShinyHunters. This latest leak comes amid internal controversy and allegations between rival cybercriminal factions, with the archive’s accompanying message reportedly authored by someone using the pseudonym “James.”
The BreachForums leak turns cybercrime tactics against the criminals themselves, exposing the fragility of the anonymity these platforms rely on. As Resecurity notes, “This incident proved that data breaches are possible not only with legitimate businesses but also cybercriminal resources generating damage and operating on the Dark Web — which can have a much greater positive impact.”
Additionally, the incident also indicates that dark web platforms are not immune to the same misconfigurations, insider disputes, and operational failures that plague legitimate organizations.
See also: HIPAA Compliant Email: The Definitive Guide (2026 Update)
The leak reinforces the risks of centralized platforms and may drive threat actors toward encrypted messaging apps or invite-only networks that are harder to monitor but also harder to scale.
Yes. Rival threat actors could use the leaked data for doxxing, extortion, account takeover attempts, or retaliation against other cybercriminals.