BreachForums Breaches Expose User Data After MyBB Zero-Day Compromise
BreachForums suffered repeated compromises that exposed member data across multiple iterations of the cybercrime forum. An earlier breach leaked details on about 4,000 members, while a later incident tied to the forum's reboot reportedly spilled data on roughly 325,000 users, underscoring the scale of exposure affecting one of the most prominent underground marketplaces.
Reporting on the more recent compromise said the forum was hit through a MyBB 0-day affecting unpatched software, with forum administrators claiming the intrusion was also linked to a broader law-enforcement crackdown. The incident disrupted the platform, prompted leadership changes including the emergence of a new admin, and highlighted how even criminal forums remain vulnerable to the same software flaws, operational failures, and data-security lapses that they routinely exploit in others.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Latest BreachForums reboot leaks data on 325,000 users
A later BreachForums reboot experienced a major data spill affecting approximately 325,000 users. The incident marked a significant escalation in scale compared with the earlier 2023 leak.
New admin says BreachForums was compromised via unpatched software
A new BreachForums administrator publicly stated that the forum had been compromised in a zero-day attack against unpatched software. This amounted to an official response from site operators about the cause of the breach.
Law enforcement reportedly exploits MyBB zero-day against BreachForums
BreachForums administrators said a law enforcement crackdown targeted the forum by exploiting a MyBB zero-day vulnerability. The incident was described as a compromise of the platform tied to unpatched forum software.
New BreachForums suffers breach exposing about 4,000 members
A rebooted BreachForums instance was breached, leading to the leak of data belonging to roughly 4,000 forum members. Reported exposed information included member account details from the newly relaunched site.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Latest BreachForums reboot spills data on 325K users
theregister.com
Open sourceBreachForums compromised in zero-day attack on "unpatched" software, new admin says | Cybernews
cybernews.com
Open sourceBreachForums Reveals Law Enforcement Crackdown Exploiting MyBB 0-Day
cybersecuritynews.com
Open sourceData Breach at New BreachForums: 4,000 members’ data leaked
hackread.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
BreachForums Data Breach and Dark Web Data Leaks
A major data breach has exposed the entire user database of BreachForums, a prominent English-language hacking forum on the dark web. The breach was announced on the shinyhunte[.]rs platform, which published a message and made the leaked database available for download and analysis. BreachForums, which had previously replaced RaidForums after its seizure, has been a central hub for cybercriminal activity, including the distribution of stolen data and hacking tools. The forum has faced multiple shutdowns and seizures, but continued to operate under new management and through various hosting providers and domains. In addition to the BreachForums breach, recent activity on dark web forums has included the sale and sharing of data from a South Korean university and a Saudi Arabian employment platform. These incidents highlight the ongoing risks posed by data leaks and breaches on dark web marketplaces, where sensitive information is traded and discussed. Security researchers have made related indicators of compromise (IOCs) and analysis available to subscribers, emphasizing the need for vigilance among organizations whose data may be exposed in such forums.
Mar 21, 2026
ShinyHunters Leaks 300,000 BreachForums User Records After Exiting Forum
ShinyHunters said it has abandoned **BreachForums** and released an updated database affecting more than **300,000 users** of the cybercrime marketplace. Reports say the leak goes beyond basic credentials and includes full account profile and activity data, including usernames, email addresses, hashed passwords, salts, IP addresses, login metadata, and forum activity timestamps. The group said maintaining the forum ecosystem became a "waste of time" after the FBI seizure of BreachForums and claimed that all currently active BreachForums domains are fake. ShinyHunters also threatened to publish fuller backups — including private messages, posts, and additional user data — unless the remaining forums shut down, while asserting it holds exploits for all **MyBB 1.8** versions; the identity of the operators behind current BreachForums instances remains unclear, with speculation ranging from opportunistic criminals to possible law enforcement honeypots.
Apr 30, 2026
Nulled.cr and Nulled.ch Forum Breaches Exposed User Data and Private Messages
Two breaches tied to the **Nulled** cybercrime forum ecosystem exposed large volumes of member data and private communications after attackers compromised both `Nulled.cr` and `Nulled.ch`. The larger incident hit `Nulled.cr`, where a 2016 hack exposed about **599,000 user accounts** and was later leaked publicly, including email addresses, IP addresses, usernames, weak salted MD5 password hashes, and hundreds of thousands of private messages between members. A separate breach affected `Nulled.ch`, where a 2020 compromise exposed more than **43,000 records** after the stolen data was published on a rival hacking forum. The leaked information included IP addresses, email addresses, usernames, salted MD5 password hashes, and the private message history of the site's administrator, underscoring repeated security failures across closely associated underground forum infrastructure.
Mar 27, 2026