- BreachForum’s user database (323,988 records) leaked, revealing usernames, registration dates and IP addresses
- About 70,000 public IPs could help identify real users; most entries were useless loopback addresses
- Admin confirmed that the leak was from August 2025 restoration; ShinyHunters denied involvement in website hosting
Someone has leaked the entire list of usernames, IP addresses and other data from BreachForums, the notorious underground hacking community – but exactly who and why is still unknown.
A website named after the ShinyHunters ransomware operator recently surfaced online, used to host a 7Zip archive titled breachedforum.7z.
This archive contained a few files, including a database table of 323,988 member registrations, which contained member display names, registration dates, IP addresses, and other internal information.
ShinyHunters denies involvement
Although user accounts don’t mean much to researchers or law enforcement – IP addresses just might. Most of them trace back to a local circuit IP address (0x7F000009/127.0.0.9), Bleeping Computer reported saying they are “not of much use”.
Still, just over 70,000 addresses do not contain the 127.0.0.9 IP address and are linked to a public IP address, meaning they could in theory be used to identify actual people behind the usernames.
The forum’s administrator confirmed the breach, saying that a backup copy of the MyBB user database table was temporarily exposed to the Internet and downloaded only once.
“First of all, this is not a recent incident. The data in question comes from an old user table leak dating back to August 2025, during the period when BreachForums was recovered/restored from the .hn domain,” they said.
“During the restore process, the user table and forum PGP key were temporarily stored in an unsecured folder for a very short period of time. Our investigation shows that the folder was downloaded only once in that window,” they added.
Who leaked the data also remains a mystery. The ShinyHunters group denied any involvement and said they have nothing to do with the website being supported in their name. When BreachForums was restored last summer, following a law enforcement raid, this group said the forum was now a honeypot built by police to catch other hackers and cybercriminals.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
