The infamous ShinyHunters hacker group has stepped away from BreachForums, calling it a “waste of time” after the FBI seizure in October 2025. At the same time, the group has released an updated database affecting more than 300,000 BreachForums users.
Early checks indicate that even recently created accounts are included in the leak. Analysis of the leaked data by Hackread.com confirms that it contains full account profiles, not just basic user credentials. These include:
- Username
- User ID (uid)
- Password salt
- Email address
- Last active time
- Registration date
- Login key (session token)
- Hashed password (Argon2i)
- Login attempts and lockout data
- Last visit and last post timestamps
- IP addresses (registration IP and last IP)
- Signature content (including Telegram handles, PGP links, external URLs)
and much more…
For context, BreachForums is a cybercrime and hacker forum known for leaking and selling breached and stolen databases, inforstealer logs, and PII from around the world.
ShinyHunters Says All Active BreachForums Domains Are Fake
In a statement posted on its dark web site, which is also being used to release Salesforce-related data, the group rejected all current versions of BreachForums. It described them as fake and listed multiple domains such as .sb, .ac, .fi, .bf, and .us.
ShinyHunters also claimed it holds full backups of BreachForums and warned that more data will be released unless all active forums shut down. According to the group, the dataset includes private messages, email addresses, IP records, and forum posts.
The group added that it has exploits for several versions of MyBB, the forum software used by many platforms linked to BreachForums. This claim points to further risk for any active or revived instances of the forum.
“BreachForums has been run by many fakes, but not by us anymore, following the FBI seizure on 10 Oct 2025. Maintaining such an ecosystem is a waste of our time. There was an unauthorised leak on 9 Jan 2026. Ever since then, false personas going by “N/A“ and “Indra“ were successfully able to restore a similar-looking “legitimate“ forum. All the current forums are fake . If they continue to exist, we’ll leak all the BF backups, including every private message, emails, IP addresses, posts, ect. We have exploits for all 1.8 versions of MyBB.”
ShinyHunters
So Who’s Running These Forums?
It remains unclear who is behind the multiple versions of BreachForums. Two possibilities are being discussed: first, opportunistic cybercriminals exploiting the popularity of the “BreachForums” name, or second, law enforcement agencies running honeypots to identify and track cybercriminal activity.
Either way, if you are active on any of these forums, your data could be exposed by ShinyHunters in the coming days, based on their claims.
RELATED POSTS
- MyFitnessPal-Owned Cal AI Hit by Data Breach Affecting 3M Users
- Database of 323k BreachForums Users Leaked, Admin Disputes Scope
- ShinyHunters Hackers Threaten 400 Firms Over Stolen Salesforce Data
- ShinyHunters Leak Millions of SoundCloud, Crunchbase, Betterment Data
- ShinyHunters Target 100+ Firms Using Phone Calls to Bypass SSO Security
