Complete Guide to Breachforums Hacking Forum Database Leaked, Exposing 324,000 Accounts

The latest incarnation of the notorious BreachForums hacking forum has suffered a data breach, with its user database table leaked online.

BreachForums is the name of a series of hacking forums used to trade, sell, and leak stolen data, as well as sell access to corporate networks and other illegal cybercrime services.

The site was launched after the first of these forums, RaidForums, was seized by law enforcement, with the owner, "Omnipotent", arrested.

While BreachForums has suffered data breaches and police actions in the past, it has been repeatedly relaunched under new domains, with some accusing it of now being a honeypot for law enforcement.

Yesterday, a website named after the ShinyHunters extortion gang released a 7Zip archive named breachedforum.7z.

A representative of the ShinyHunters extortion gang told BleepingComputer they are not affiliated with the site that distributed this archive.

The archive's 'breachedforum-pgp-key.txt.asc' file is the PGP private key created on July 25, 2023, and used by BreachForums to sign official messages from the administrators. While the key has been leaked, it is passphrase-protected, and without the password, it can't be abused to sign messages.

The "databoose.sql" file is a MyBB users database table (mybb_users) containing 323,988 member records that include member display names, registration dates, IP addresses, and other internal information.

BleepingComputer's analysis of the table shows that most of the IP addresses map back to a local loopback IP address (0x7F000009/127.0.0.9), so they are not of much use.

However, 70,296 records do not contain the 127.0.0.9 IP address, and the records we tested map to a public IP address. These public IP addresses could be an OPSEC concern for those people and valuable to law enforcement and cybersecurity researchers.

Source: BleepingComputer