In a dramatic turn for the cybercrime underworld, a mysterious hacker known as \u201cJames\u201d has leaked the complete user database of BreachForums, a notorious Dark Web forum serving as a hub for stolen data trading and hacking discussions.<\/p>\n
The breach, announced on January 9, 2026, via the site shinyhunte.rs<\/em>, exposes metadata for over 323,986 users, including admins, moderators, and regular members, potentially dooming many to law enforcement scrutiny.<\/p>\n This incident underscores the irony of cybercriminals falling victim to their own vulnerabilities.paste.txt\u200b<\/p>\n BreachForums emerged in 2022 as the successor to RaidForums, which U.S. authorities seized amid investigations into data trafficking.<\/p>\n The forum, powered by MyBB software<\/a>, facilitated sales of breached datasets, hacking tools, and illicit services, often hosted via DDoS-Guard and Tor mirrors despite repeated takedowns.<\/p>\n Key disruptions included the 2023 arrest of founder Conor Fitzpatrick, who received a 20-year supervised release sentence, and a 2024 domain seizure swiftly reclaimed by operators ShinyHunters<\/a>.<\/p>\n ShinyHunters, linked to groups like Scattered LAPSUS Hunters, relaunched the site multiple times, surviving French arrests in June 2025 and FBI seizures of extortion portals. The forum\u2019s resilience relied on frequent domain switches and Dark Web presence, but underlying MyBB flaws proved fatal.<\/p>\n The dumped MySQL database, from table \u201chcclmafd2jnkwmfufmybbusers,\u201d reveals usernames, hashed passwords (Argon2), emails, IP addresses, registration dates, and PGP keys for high-profile accounts like ShinyHunters, Hollow, and IntelBroker.<\/p>\n Analysis shows admins (4), super moderators (3), and mods (6), with user origins spanning the U.S. (largest share), Germany, Netherlands, France, Turkey, UK, and MENA regions like Morocco and Egypt.<\/p>\n Screenshots from attached images depict the shinyhunte.rs page with \u201cDOOMSDAY: The Story of James\u201d manifesto and a pie chart visualizing user countries, highlighting U.S. dominance. James claims the breach stemmed from a web app vulnerability or misconfiguration, turning the criminals\u2019 haven into a liability.<\/p>\n Under the banner \u201cDoomsday,\u201d James portrays himself as a \u201cpredator\u201d transcending generations, boasting infiltrations of Google, Microsoft, the FBI, the NSA, and more.<\/p>\n He names alleged operators like Dorian Dali (Kams), Nahyl Ojeda (INDRA), Ali Aboussi (Kernel), and founders Prosox\/Kuroish, vowing their downfall for betraying a higher purpose. Addressing French readers, James positions himself as a protector against these \u201cchildren\u201d he once mentored, linking to anti-France activities.<\/p>\n The text blends hacker lore with philosophical rants on power, evil, and redemption, echoing past underground manifestos.<\/p>\n This self-inflicted wound exposes plaintext risks even on Dark Web sites, amplifying arrest threats amid global crackdowns. Victims face doxxing, while law enforcement gains leads on ShinyHunters derivatives within \u201cThe Com\u201d network. Resecurity, sharing<\/a> the dump for analysis, warns of broader disruptions to extortion rackets targeting firms like Salesforce.<\/p>\n As James declares \u201cno place to hide,\u201d the BreachForums saga illustrates cybercrime\u2019s fragility, predators devoured by a greater one.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post BreachForums Hack: Hackers Expose All User Records from Popular Dark Web Forum<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nBreachForums Data Breach<\/strong><\/h2>\n
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgWOP42Nhen0ZhYGZGcvopUE7peCmyVTYZNXGpkZmoZvk7bQocVdrHKAuUSMF-1bPbe5QYq0LoBBsW23VUHxD23oCgPRrGPYJdytgXLotvKG0YAjCx_3UVoO4VhpKYSQi2AI3wtJ5pjnPuDzUmGzqnvu2efSDG-gwlrCcLRSVzmcDXBtt3e7vbnsDbntqwp\/s16000\/BreachForums%2520Hack1.webp?ssl=1\")
<\/figure>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjn19Ak2N6tZOJ7B5dxXfKoDCAxC2FqpSzVBNpZFRMUqtS7heY55Cqd6A-XfdsPkG4mRUpluY0Qt7kaTqdDqdBG-J4Nq3s9Ztnsmc-Y1-uPVMw6Zto5HdHI3YaPa1RXYZ47LXY0b4uCMfGKDrY_sHfGiKl1m08Ou1XwgzGOWu4obOMlRXycgXY_p6EGWF2u\/w640-h418\/BreachForums%2520Hack.webp?ssl=1\")
<\/figure>\n<\/div>\n