"The allegedly stolen user data was later posted to shinyhunte[.]rs, alongside a message from a self-described cyber outlaw calling himself "James," who appeared keen to make sure his handiwork didn't go unnoticed. Have I Been Pwned's listing of the incident shows that the breach occurred before law enforcement's October 2025 takedown of the BreachForums domain, and that the leak comprised roughly 324,000 unique email addresses, usernames, and Argon2-hashed passwords, pulled from public posts, private messages, and other forum records."
"According to Resecurity's analysis of the breach, the leaked database includes records linked to real individuals active in the cybercrime world, including crims previously associated with groups such as GnosticPlayers. PGP keys tied to accounts using handles such as ShinyHunters and IntelBroker were also found in the dump. The database was published alongside a rambling, self-indulgent manifesto by "James," which included remarks and identifiers pointing to other miscreants allegedly involved in malicious activity."
"One detail that caught researchers' attention was timing. The most recent registration date in the leaked database is August 11, 2025, the same day the previous BreachForums site at breachforums[.]hn was shut down, suggesting the data was lifted as the forum was entering its final hours. Resecurity said it reviewed the IP data in the leak, while warning that VPN use"
Approximately 324,000 user accounts tied to BreachForums were exposed in an August 2025 breach, spilling email addresses, usernames, and Argon2-hashed passwords. The leaked records were pulled from public posts, private messages, and other forum records. The incident was added to Have I Been Pwned's database on January 10. The stolen data was posted to shinyhunte[.]rs and included a manifesto from an individual identifying as "James," which named other alleged miscreants. Resecurity's analysis found records linked to known cybercriminals and PGP keys tied to handles such as ShinyHunters and IntelBroker. Timing suggests the data was taken as the forum was closing.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]