**Infamous BreachForums Forum Breached, Spilling Data on 325K Users**
The notorious hacking forum, BreachForums, has suffered a massive data breach, exposing sensitive information tied to approximately 324,000 user accounts. The latest incarnation of the cybercrime marketplace was burgled in August 2025, revealing email addresses, usernames, and hashed passwords.
According to Have I Been Pwned, which added the incident to its database on January 10, the allegedly stolen user data was later posted to shinyhunte[.]rs, alongside a message from a self-described cyber outlaw calling himself "James." The manifesto included remarks and identifiers pointing to other miscreants allegedly involved in malicious activity.
Resecurity's analysis of the breach reveals that the leaked database includes records linked to real individuals active in the cybercrime world, including crims previously associated with groups such as GnosticPlayers. PGP keys tied to accounts using handles such as ShinyHunters and IntelBroker were also found in the dump.
One detail that caught researchers' attention was timing. The most recent registration date in the leaked database is August 11, 2025 – the same day the previous BreachForums site at breachforums[.]hn was shut down, suggesting the data was lifted as the forum was entering its final hours.
Resecurity warned that publishing the data could carry real consequences for those named. "Following the publication of this data, undoubtedly many threat actors will face difficulties in hiding their identities and an increased risk of getting arrested," the company said.
**A Rare Response from BreachForums' Administrator**
The leak also prompted a rare public response from BreachForums' current administrator, who goes by the alias N/A. In a forum post, the admin apologized for the exposure while insisting the data itself was not new:
We want to address recent discussions regarding an alleged database leak and clearly explain what happened.
First of all, this is not a recent incident. The data in question originates from an old users-table leak dating back to August 2025, during the period when BreachForums was being restored/recovered from the .hn domain.
During the restoration process, the users table and the forum PGP key were temporarily stored in an unsecured folder for a very short period of time. Our investigation shows that the folder was downloaded only once during that window.
**A Warning from Resecurity**
Resecurity warned that publishing the data could carry real consequences for those named:
We want to emphasize that publishing this data can lead to serious consequences for individuals involved. Threat actors will face difficulties in hiding their identities and an increased risk of getting arrested.
**A Dispute from ShinyHunters**
Following the publication of this article, a representative at ShinyHunters group made contact to dispute one of the findings from Resecurity:
The BreachForums dump includes only user records (username, email, password, IP, etc). Not PGP keys.
There was another file in the BreachForums dump named breachforums-pgp-key.txt. That is the PGP key of BreachForums itself.
**The Aftermath**
The data breach has exposed sensitive information tied to approximately 324,000 user accounts, and researchers warn that publishing this data could carry real consequences for those named. The incident highlights the importance of secure handling and storage of sensitive data, especially in high-risk environments like cybercrime marketplaces.