On January 9, 2026, a database belonging to BreachForums, a infamous cybercrime and hacker discussion board accessible on each clear and the “Darkish Internet,” was launched to the general public, placing over 320,000 customers within the highlight.
BreachForums, as we all know it, is not any stranger to drama. The platform has a historical past of getting seized by regulation enforcement authorities or vanishing and reappearing. It had change into the go-to website for these actions after the police shut down its predecessor, RaidForums, again in 2022. In early April 2025, the discussion board all of a sudden disappeared with out clarification.
Whereas many suspected a police raid, Hackread.com reported on the time that the positioning disappeared as a result of a safety challenge relatively than a seizure. By July 2025, the discussion board was again on-line.
The Leaked Database
Resecurity, which shared its analysis with Hackread.com, discovered that the leaked file comprises info on 323,986 customers, together with their “metadata extracted from MySQL DB,” which is mainly a digital footprint that would assist establish the folks behind the screens.
The database was printed on shinyhunte.rs, a website that has beforehand hosted stolen datasets and isn’t really helpful for direct entry as a result of danger of malicious content material. The identical platform has been used within the previous to leak information linked to Fujifilm, GAP Inc., Vietnam Airways, Engie Assets, Qantas Airways Restricted, and Albertsons Corporations, following incidents tied to a Salesforce-related compromise.
The BreachForums database was accompanied by a sound PGP signature traditionally related to earlier discussion board operators, indicating the dataset is genuine and sure originated from inside discussion board methods.
In your info, ShinyHunters is a part of a continuously shifting alliance. You may hear names like Scattered Lapsus$ Hunters or a neighborhood referred to as ‘The Com.’ These will not be simply random names; they symbolize a ‘supergroup’ of younger hackers who’ve joined forces to share instruments and targets.
Researchers defined in one other report that they use ShinyHunters as a broad label to “illustrate the phenomenon of involving younger IT professionals in questionable acts.” By highlighting this, they hope to warn different proficient younger folks to steer clear of these legal circles.
Hackread.com additionally independently reviewed the leaked dataset and located that, along with basic profile metadata, it comprises person show names, electronic mail addresses, Argon2i password hashes, and hyperlinks to exterior accounts similar to Telegram. Whereas the passwords will not be saved in plaintext, the mix of those information factors should still carry identification and attribution dangers for affected customers.
Response from BreachForums
A BreachForums administrator utilizing the alias N/A responded to stories of a database leak by claiming the uncovered information originated from an previous incident in August 2025, throughout a discussion board restoration course of following the .hn area takedown. In keeping with the administrator, the customers desk and the discussion board’s PGP key have been briefly saved in an unsecured listing and downloaded as soon as throughout that interval.
The admin pressured that the incident didn’t contain server compromise, database entry, or exploitation, and described present claims of an lively breach as false. They added that passwords within the dataset have been saved as Argon2i hashes, IP addresses have been largely truncated, and remaining fields consisted of publicly seen info. The discussion board mentioned all periods have been revoked on the time, and restoration procedures have since been secured.
The “James” Message Circulating With the Leak
Alongside the leaked database, a prolonged manifesto signed by a person calling himself “James” was additionally printed on shinyhunte.rs. The textual content contained dramatic claims, threats, and references to a number of cybercrime figures and teams, offered in a extremely theatrical and ideological tone.
There is no such thing as a impartial verification of the claims made within the message, and such manifestos are generally used inside underground boards to impress consideration, unfold disinformation, or confuse attribution. The looks of the textual content doesn’t verify the identification of the writer or the people named and ought to be handled as unverified rhetoric relatively than factual disclosure.
Why This Leak Issues
As we all know it, it is vitally uncommon for legal organisations to be uncovered so totally. This incident reveals that even probably the most malicious teams could be weak to the identical failures they exploit in others.
Researchers famous that publicity of legal infrastructure can have a broader defensive impression than typical company breaches, as it could disrupt illicit networks and deter future recruitment. By sharing the database for impartial evaluation, researchers hope to interrupt the cycle of cybercrime and discourage future involvement in such communities.
