The user database from the latest version of the notorious BreachForums cybercrime marketplace has been leaked online, exposing information for approximately 324,000 accounts. The leaked data includes a "mybb_users" SQL table containing member display names, registration dates, and IP addresses, along with the forum's PGP private key. While the PGP key is passphrase-protected, the password was later posted on the leak site, potentially compromising the forum's ability to sign official messages securely.
An analysis of the database reveals that a majority of the IP addresses are internal loopback addresses, but over 70,000 records contain genuine public IPs that could compromise the operational security of those users. The most recent registration date in the leak corresponds to August 11, 2025, the same day a previous BreachForums domain was shut down following law enforcement action. The forum's current administrator acknowledged the breach, attributing it to a temporary exposure of a backup file during a restoration process in August.
This incident follows a history of law enforcement seizures and accusations that the forum operates as a honeypot. While the administrator advises members to use disposable credentials, the leak provides valuable intelligence to cybersecurity researchers and authorities. The exposure underscores the persistent risks faced by participants in illicit online communities, even as these platforms continually resurrect under new domains.
Read more...