The notorious BreachForums hacking forum has suffered a major data breach, exposing 324,000 accounts. This incident highlights the ongoing challenges in the battle against cybercrime and the resilience of criminal networks. The forum, known for trading, selling, and leaking stolen data, as well as selling access to corporate networks, has a history of data breaches and police actions. Despite these setbacks, it has repeatedly relaunched under new domains, with some suspecting it's a honeypot for law enforcement.
A recent development occurred when a website named after the ShinyHunters extortion gang released a 7Zip archive containing sensitive information. The archive included three files: 'shinyhunte.rs-the-story-of-james.txt', 'databoose.sql', and 'breachedforum-pgp-key.txt.asc'. The 'databoose.sql' file, a MyBB users database table, revealed 323,988 member records with display names, registration dates, IP addresses, and other internal data. Interestingly, most IP addresses mapped to a local loopback IP address, making them less useful for malicious activities.
However, 70,296 records lacked the loopback IP address, and these public IP addresses could be a significant concern for individuals and valuable to law enforcement and cybersecurity researchers. The last registration date in the leaked database is August 11, 2025, the day BreachForums at breachforums[.]hn shut down following the arrest of its operators in France. This timing coincides with a message posted by a ShinyHunters member on the 'Scattered Lapsus$ Hunters' Telegram channel, suggesting the forum was a law-enforcement honeypot. BreachForums administrators denied these claims.
The current BreachForums administrator, 'N/A', acknowledged the breach, explaining that a backup of the MyBB user database table was temporarily exposed in an unsecured folder and downloaded only once. They emphasized that the data was from an old leak, dating back to August 2025, during the forum's restoration period. Despite this, the administrator advised members to use disposable email addresses for added security, and most IP addresses were local, reducing potential risks.
This incident underscores the ongoing cat-and-mouse game between cybercriminals and law enforcement, where the line between legitimate restoration and potential honeypot tactics can be blurred. As the battle against cybercrime continues, the importance of robust security measures and vigilance cannot be overstated.
