What happened
BreachForums hacking forum database leaked, exposing 324,000 accounts after a data breach involving the MyBB user database table from the notorious BreachForums platform. On January 10, 2026, an archive named breachedforum.7z containing the databoose.sql user table and a passphrase-protected PGP private key was released online. The leaked table holds 323,988 member records, including display names, registration dates, and IP addresses, with analysis showing 70,296 records containing public IP addresses that could pose operational security (OPSEC) concerns. According to the forum administrator, the data originated from a backup created during restoration efforts in August 2025 and was temporarily stored in an unsecured folder, allowing one download. BreachForums has a history of relaunches under various domains following law enforcement actions, and the leak’s PGP key was later updated to include the correct password, as confirmed by cybersecurity firm Resecurity.Â
Who is affected
Members and administrators of BreachForums whose account records, especially those with public IP addresses, are now exposed; exposure is dependent on individuals’ continued association with the forum.Â
Why CISOs should care
Leaked user data from a hacking forum can contribute to threat actor profiling, credential reuse attacks, and broader cybersecurity community OPSEC risk, highlighting the value of monitoring underground forums for exposed intelligence.Â
3 practical actions
- Monitor credentials: Check for exposed credentials in threat intelligence feeds and breach databases.
- Educate on OPSEC: Advise security personnel and researchers on best practices for minimizing exposure on underground platforms.
- Track underground leaks: Integrate forum leak monitoring into threat hunting and risk assessment workflows.