ShinyHunters Burn BreachForums: 300,000 Identities Exposed in Hacker Power Play

In a dramatic turn in the cyber underground, the ShinyHunters hacking collective has detonated a data bomb on their former stronghold, BreachForums - leaking the private details of over 300,000 users and publicly declaring the forum’s current incarnations “fake.” This move follows the FBI’s October 2025 seizure of BreachForums, a notorious marketplace for stolen credentials and data, and signals a bitter split in the digital underworld’s ranks.

Fast Facts

• ShinyHunters leaked a database with over 300,000 BreachForums user profiles, including emails, IPs, and session tokens.
• The group denounced all BreachForums domains as “fake” after the FBI’s October 2025 takedown.
• Leaked data spans basic credentials to signatures, login attempts, and even Telegram handles.
• ShinyHunters claim to possess further backups and threaten more leaks unless all active forums shut down.
• Security experts warn of further risks due to alleged MyBB software vulnerabilities held by ShinyHunters.

The Fallout: Data Exposure and Deception

The leaked database isn’t just a list of usernames and passwords - it’s a comprehensive snapshot of BreachForums’ users. Analysis reveals that even recent accounts are included, with records containing not only email addresses, hashed passwords, and login tokens, but also IP addresses, registration dates, private message metadata, and user signatures. Many of these signatures link to Telegram handles and PGP keys, increasing exposure for those who thought they operated in the shadows.

ShinyHunters’ statement, posted on their own dark web platform, brands all current BreachForums domains as imposters, specifically calling out domains like .sb, .ac, .fi, and .us. They claim that since the January 2026 unauthorized leak, actors using aliases “N/A” and “Indra” have revived lookalike forums, which ShinyHunters now threaten with further data dumps unless they disappear.

Who’s Really Behind BreachForums Now?

The answer remains a mystery. The new wave of BreachForums sites could be opportunistic cybercriminals cashing in on the brand’s notoriety - or they could be law enforcement honeypots designed to ensnare would-be hackers. Either way, ShinyHunters’ warning is clear: anyone active on BreachForums, old or new, is at risk of their data being released in future leaks.

Compounding the threat, ShinyHunters claim to possess exploits for all 1.8 versions of MyBB, the forum software powering BreachForums and many similar sites. This revelation puts both users and forum operators on high alert, as further breaches may be imminent if these vulnerabilities are weaponized.

Reflections from the Cyber Shadows

This latest breach underscores the perils of the cybercrime ecosystem: trust is fleeting, alliances are fragile, and the greatest danger often comes from within. For the hundreds of thousands whose data has now been exposed, the fallout could range from targeted phishing to law enforcement scrutiny. As the dust settles, one thing is certain: in the world of underground forums, betrayal can be just a data dump away.

WIKICROOK

• Hashed password: A hashed password is a password transformed into a scrambled code using a hash function, making it unreadable and secure from unauthorized access.
• Session token: A session token is a unique digital code that keeps users logged in to websites or apps. If stolen, attackers can access accounts without a password.
• PII (Personally Identifiable Information): PII is any information that can identify a person, like a name, address, or social security number, and must be protected to ensure privacy.
• MyBB: MyBB is open-source forum software that organizes user data in databases. It offers customization, plugins, and requires strong security for safe online communities.
• Honeypot: A honeypot is a fake system set up to attract cyber attackers, enabling organizations to study attack methods without endangering real assets.