ShinyHunters Walk Away from BreachForums, Leak 300,000-User Database

Summary

ShinyHunters announced its departure from BreachForums following the FBI's October 2025 seizure, calling the platform a "waste of time," and simultaneously released a database containing over 300,000 user records including credentials, IP addresses, and session tokens. The group claims all currently active BreachForums domains are fake and threats to release complete forum backups (private messages, emails, posts) unless the platforms shut down, citing possession of exploits for MyBB forum software versions. The leaked data affects recently created accounts and includes comprehensive user profiles with registration IPs, hashed passwords, and Telegram handles.

Full text

Data Breaches Cyber CrimeShinyHunters Walk Away from BreachForums, Leak 300,000-User Database ShinyHunters leaves BreachForums, leaks data of 300,000 users, warns all active domains are fake, and threatens more leaks from forum backups. byWaqasMarch 27, 20262 minute read The infamous ShinyHunters hacker group has stepped away from BreachForums, calling it a “waste of time” after the FBI seizure in October 2025. At the same time, the group has released an updated database affecting more than 300,000 BreachForums users. Early checks indicate that even recently created accounts are included in the leak. Analysis of the leaked data by Hackread.com confirms that it contains full account profiles, not just basic user credentials. These include: Username User ID (uid) Password salt Email address Last active time Registration date Login key (session token) Hashed password (Argon2i) Login attempts and lockout data Last visit and last post timestamps IP addresses (registration IP and last IP) Signature content (including Telegram handles, PGP links, external URLs) and much more… For context, BreachForums is a cybercrime and hacker forum known for leaking and selling breached and stolen databases, inforstealer logs, and PII from around the world. ShinyHunters Says All Active BreachForums Domains Are Fake In a statement posted on its dark web site, which is also being used to release Salesforce-related data, the group rejected all current versions of BreachForums. It described them as fake and listed multiple domains such as .sb, .ac, .fi, .bf, and .us. ShinyHunters also claimed it holds full backups of BreachForums and warned that more data will be released unless all active forums shut down. According to the group, the dataset includes private messages, email addresses, IP records, and forum posts. The group added that it has exploits for several versions of MyBB, the forum software used by many platforms linked to BreachForums. This claim points to further risk for any active or revived instances of the forum. ShinyHunters’ announcement regarding BreachForums, along with a snippet of leaked BreachForums user data (Image credit: Hackread.com) “BreachForums has been run by many fakes, but not by us anymore, following the FBI seizure on 10 Oct 2025. Maintaining such an ecosystem is a waste of our time. There was an unauthorised leak on 9 Jan 2026. Ever since then, false personas going by “N/A“ and “Indra“ were successfully able to restore a similar-looking “legitimate“ forum. All the current forums are fake . If they continue to exist, we’ll leak all the BF backups, including every private message, emails, IP addresses, posts, ect. We have exploits for all 1.8 versions of MyBB.” ShinyHunters So Who’s Running These Forums? It remains unclear who is behind the multiple versions of BreachForums. Two possibilities are being discussed: first, opportunistic cybercriminals exploiting the popularity of the “BreachForums” name, or second, law enforcement agencies running honeypots to identify and track cybercriminal activity. Either way, if you are active on any of these forums, your data could be exposed by ShinyHunters in the coming days, based on their claims. Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts RELATED POSTS MyFitnessPal-Owned Cal AI Hit by Data Breach Affecting 3M Users Database of 323k BreachForums Users Leaked, Admin Disputes Scope ShinyHunters Hackers Threaten 400 Firms Over Stolen Salesforce Data ShinyHunters Leak Millions of SoundCloud, Crunchbase, Betterment Data ShinyHunters Target 100+ Firms Using Phone Calls to Bypass SSO Security BreachForumsCyber AttackCyber CrimeCybersecuritydatabaseSalesforceShinyHunters Leave a Reply Cancel reply View Comments (0) Related Posts Cyber Crime Google News Malware Phishing Scam Security Hackers using Google Adwords & Google Sites to spread malware Today, we at HackRead have discovered a sophisticated malware scam that tricks users into downloading fake Google Chrome browser… byWaqas Cyber Attacks Cyber Crime Hacking News Leaks #OpWorldCup: Anonymous Hacks Brazilian Govt, Police, Court, Globo TV and Cemig Telecom Anonymous has fulfilled its promise ofconducting cyber attacks on the government of Brazil during football World Cup. Anonymous… byWaqas Cyber Crime Teen girl facing up to 10 years for sending nude selfie As unnerving and concerning as it sounds, the fact is that teen sexting has become a grave issue… byCarolina Cyber Crime US charges 4 Chinese military hackers over 2017 Equifax breach The US government has charged four Chinese military officials over 2017's massive Equifax breach. byWaqas

Indicators of Compromise

• malware — ShinyHunters