Home > Security > Security News

BreachForums Version 5 Data Breach Exposed 340,000 Accounts, ShinyHunters Claim Leak

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Man - Dartboard - Dart - Dark Web - Target
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Data exposed: In March 2026, security analysts verified a massive database exposure involving a recent iteration of a notorious cybercrime marketplace.
  • Leaked data: A BreachForums Version 5 breach exposed compromised data for nearly 340,000 unique user accounts.
  • Threat actor: The prominent threat actor group ShinyHunters claimed direct responsibility for this database leak. 

The BreachForums Version 5 breach publicly exposed the sensitive authentication data of 339,800 registered users, including email addresses, usernames, and argon2 password hashes. The ransomware group claimed responsibility, citing frustration with fake forum operators following the October 2025 FBI domain seizure.

The ShinyHunters Leak BreachForums Data

The BreachForums data leak was added to breach notification service Have I Been Pwned (HIBP) on March 27, 2026, and contains:

ShinyHunters claim BreachForums Version 5 leak | Source: Dark Web Informer
ShinyHunters claim BreachForums Version 5 leak | Source: Dark Web Informer

According to their public declaration cited by Dark Web Informer, the group operated this specific iteration of the forum following the official FBI domain seizure on October 10, 2025. 

They stated that maintaining the cybercriminal ecosystem became an inefficient use of their resources after an unauthorized internal leak occurred on January 9, 2026. 

Escalating Cybersecurity Implications

ShinyHunters issued a strict ultimatum demanding the immediate shutdown of all current imitation platforms. The message criticized operators utilizing aliases like "N/A" and "Indra" for establishing imitation forums across various top-level domains, including .sb, .ac, .fi, .bf, and .us.

Additionally, the group claims to possess active exploits for all 1.8 versions of the MyBB forum software and threaten to release backups, including every private message, emails, IP  addresses, and posts, if imitation forums persist.

The FBI seized BreachForums in October 2025, only for it to reemerge two months later with an admin apologizing for honeypot confusion and claiming the French government attack impacting over 16 million individuals.

Add a Comment
Related
Pro-Ukrainian Bearlyfy Ransomware Group Attacks Target Russian Companies
Cambodian Fraud Compound Operators ‘Legend Innovation’ and Crypto Marketplace ‘Xinbi‘ Sanctioned by the UK
Suspected Armenian Extradited for Operating RedLine Malware Scheme Following Co-Conspirator Arrest
GitHub Phishing Campaign Targets Developers with Fake VS Code Alerts that Urge the Patching of Fabricated CVEs
Delve Provided Certifications for LiteLLM Before Malware Breach Suspected to Originate from Trivy Supply Chain Attack
Police - Hacker - Arrest - Handcuffs
Russian Authorities Announce Suspected LeakBase Admin Arrest
Most Popular
Pro-Ukrainian Bearlyfy Ransomware Group Attacks Target Russian Companies
Cambodian Fraud Compound Operators ‘Legend Innovation’ and Crypto Marketplace ‘Xinbi‘ Sanctioned by the UK
Suspected Armenian Extradited for Operating RedLine Malware Scheme Following Co-Conspirator Arrest
GitHub Phishing Campaign Targets Developers with Fake VS Code Alerts that Urge the Patching of Fabricated CVEs
Delve Provided Certifications for LiteLLM Before Malware Breach Suspected to Originate from Trivy Supply Chain Attack
Police - Hacker - Arrest - Handcuffs
Russian Authorities Announce Suspected LeakBase Admin Arrest
Pro-Ukrainian Bearlyfy Ransomware Group Attacks Target Russian Companies
Cambodian Fraud Compound Operators ‘Legend Innovation’ and Crypto Marketplace ‘Xinbi‘ Sanctioned by the UK
Suspected Armenian Extradited for Operating RedLine Malware Scheme Following Co-Conspirator Arrest
GitHub Phishing Campaign Targets Developers with Fake VS Code Alerts that Urge the Patching of Fabricated CVEs
Delve Provided Certifications for LiteLLM Before Malware Breach Suspected to Originate from Trivy Supply Chain Attack
Russian Authorities Announce Suspected LeakBase Admin Arrest

Most Popular
Pro-Ukrainian Bearlyfy Ransomware Group Attacks Target Russian Companies
Cambodian Fraud Compound Operators ‘Legend Innovation’ and Crypto Marketplace ‘Xinbi‘ Sanctioned by the UK
Suspected Armenian Extradited for Operating RedLine Malware Scheme Following Co-Conspirator Arrest
GitHub Phishing Campaign Targets Developers with Fake VS Code Alerts that Urge the Patching of Fabricated CVEs
Delve Provided Certifications for LiteLLM Before Malware Breach Suspected to Originate from Trivy Supply Chain Attack
Police - Hacker - Arrest - Handcuffs
Russian Authorities Announce Suspected LeakBase Admin Arrest
Pro-Ukrainian Bearlyfy Ransomware Group Attacks Target Russian Companies
Cambodian Fraud Compound Operators ‘Legend Innovation’ and Crypto Marketplace ‘Xinbi‘ Sanctioned by the UK
Suspected Armenian Extradited for Operating RedLine Malware Scheme Following Co-Conspirator Arrest
GitHub Phishing Campaign Targets Developers with Fake VS Code Alerts that Urge the Patching of Fabricated CVEs
Delve Provided Certifications for LiteLLM Before Malware Breach Suspected to Originate from Trivy Supply Chain Attack
Russian Authorities Announce Suspected LeakBase Admin Arrest

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: