In a dramatic flip for the cybercrime underworld, a mysterious hacker often known as “James” has leaked the whole person database of BreachForums, a infamous Darkish Internet discussion board serving as a hub for stolen knowledge buying and selling and hacking discussions.
The breach, introduced on January 9, 2026, through the location shinyhunte.rs, exposes metadata for over 323,986 customers, together with admins, moderators, and common members, doubtlessly dooming many to regulation enforcement scrutiny.
This incident underscores the irony of cybercriminals falling sufferer to their very own vulnerabilities.paste.txt
BreachForums Information Breach
BreachForums emerged in 2022 because the successor to RaidForums, which U.S. authorities seized amid investigations into knowledge trafficking.
The discussion board, powered by MyBB software program, facilitated gross sales of breached datasets, hacking instruments, and illicit companies, usually hosted through DDoS-Guard and Tor mirrors regardless of repeated takedowns.
Key disruptions included the 2023 arrest of founder Conor Fitzpatrick, who acquired a 20-year supervised launch sentence, and a 2024 area seizure swiftly reclaimed by operators ShinyHunters.
ShinyHunters, linked to teams like Scattered LAPSUS Hunters, relaunched the location a number of occasions, surviving French arrests in June 2025 and FBI seizures of extortion portals. The discussion board’s resilience relied on frequent area switches and Darkish Internet presence, however underlying MyBB flaws proved deadly.
The dumped MySQL database, from desk “hcclmafd2jnkwmfufmybbusers,” reveals usernames, hashed passwords (Argon2), emails, IP addresses, registration dates, and PGP keys for high-profile accounts like ShinyHunters, Hole, and IntelBroker.
Evaluation exhibits admins (4), tremendous moderators (3), and mods (6), with person origins spanning the U.S. (largest share), Germany, Netherlands, France, Turkey, UK, and MENA areas like Morocco and Egypt.
Screenshots from hooked up pictures depict the shinyhunte.rs web page with “DOOMSDAY: The Story of James” manifesto and a pie chart visualizing person international locations, highlighting U.S. dominance. James claims the breach stemmed from an internet app vulnerability or misconfiguration, turning the criminals’ haven right into a legal responsibility.
Beneath the banner “Doomsday,” James portrays himself as a “predator” transcending generations, boasting infiltrations of Google, Microsoft, the FBI, the NSA, and extra.
He names alleged operators like Dorian Dali (Kams), Nahyl Ojeda (INDRA), Ali Aboussi (Kernel), and founders Prosox/Kuroish, vowing their downfall for betraying the next goal. Addressing French readers, James positions himself as a protector in opposition to these “kids” he as soon as mentored, linking to anti-France actions.
The textual content blends hacker lore with philosophical rants on energy, evil, and redemption, echoing previous underground manifestos.
This self-inflicted wound exposes plaintext dangers even on Darkish Web pages, amplifying arrest threats amid international crackdowns. Victims face doxxing, whereas regulation enforcement beneficial properties leads on ShinyHunters derivatives inside “The Com” community. Resecurity, sharing the dump for evaluation, warns of broader disruptions to extortion rackets concentrating on corporations like Salesforce.
As James declares “no place to cover,” the BreachForums saga illustrates cybercrime’s fragility, predators devoured by a better one.
Comply with us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.
