- BreachForums user database (323,988 records) leaked, exposing usernames, registration dates, and IP addresses
- Around 70,000 public IPs could help identify real users; most entries were useless loopback addresses
- Admin confirmed leak stemmed from August 2025 restoration; ShinyHunters denied involvement in hosting site
Someone has leaked the entire list of usernames, IP addresses, and other data, from BreachForums, the infamous underground hacking community – but exactly who, and why, remains to be seen.
A website named after the ShinyHunters ransomware operator recently emerged online, being used to host a 7Zip archive titled breachedforum.7z.
This archive contained a few files, including a database table with 323,988 member records, which contained member display names, the dates of registration, IP addresses, and other internal information.
ShinyHunters denies involvement
While user accounts don’t mean much for researchers or law enforcement – IP addresses just might. Most of them map back to a local loopback IP address (0x7F000009/127.0.0.9), BleepingComputer reported, saying they “are not of much use”.
Still, just above 70,000 addresses do not contain the 127.0.0.9 IP address, and map to a public IP address, which means they could, in theory, be used to identify actual people behind the usernames.
The forum’s administrator confirmed the breach, saying that a backup of the MyBB user database table was temporarily exposed to the internet and downloaded just once.
“First of all, this is not a recent incident. The data in question originates from an old users-table leak dating back to August 2025, during the period when BreachForums was being restored/recovered from the .hn domain,” they said.
“During the restoration process, the users table and the forum PGP key were temporarily stored in an unsecured folder for a very short period of time. Our investigation shows that the folder was downloaded only once during that window,” they added.
Who leaked the data also remains a mystery. The ShinyHunters group denied any involvement and said they have nothing to do with the website that was propped up in their name. When BreachForums was restored last summer, after a law enforcement raid, this group said the forum was now a honeypot built by the police, to trap other hackers and cybercriminals.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-2560-80.jpg
Source link
