{"id":15458,"date":"2026-01-12T21:36:57","date_gmt":"2026-01-12T21:36:57","guid":{"rendered":"https:\/\/newestek.com\/?p=15458"},"modified":"2026-01-12T21:36:57","modified_gmt":"2026-01-12T21:36:57","slug":"notorious-breachforums-hacking-site-hit-by-doomsday-leak-of-324000-criminal-users","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15458","title":{"rendered":"Notorious BreachForums hacking site hit by \u2018doomsday\u2019 leak of 324,000 criminal users"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Prominent crime forum BreachForums has suffered a new and possibly fatal blow to its reputation after the revelation that a database of thousands of criminals using it was stolen months ago.<\/p>\n

News of the breach emerged publicly on January 9 when a zip archive containing a MySQL database of 323,986 BreachForums users appeared on shinyhunte[.]rs, a domain reportedly unconnected to the infamous extortion group of the same name.<\/p>\n

According to Have I Been Pwned<\/em>, the data breach happened last August, two months before the police takedown<\/a> of the BreachForums data extortion site after threats by Scattered Lapsus$ Hunters to use it to release one billion records stolen from Salesforce customers.<\/p>\n

This tallies with the August 11 date on the database leaked last week; that was the day its admins reportedly announced<\/a> that the site was being shut down for fear that it had been compromised by law enforcement.\u00a0<\/p>\n

Have I been Pwned<\/em> said that the stolen data also included<\/a> hashed passwords, private messages, and forum posts. <\/p>\n

However,\u00a0 according to security intelligence firm Resecurity<\/a>, the January leak contains two new elements: a password-protected PGP private key file and a grandiloquent, bizarre 4,400 word manifesto entitled \u2018Doomsday\u2019 by an author using the name \u201cJames,\u201d who claims to be behind the leak.<\/p>\n

The PGP key, leaked a day later on January 10, was most likely used to sign messages from BreachForums\u2019 admins, Resecurity said.<\/p>\n

One takedown after another<\/h2>\n

This leak<\/a> is only the latest in a series of problems, arrests, and takedowns to affect what was once one of the biggest English-speaking crime forums.<\/p>\n

The successor to the RaidForums<\/a> site seized by US authorities in 2022, BreachForums styled itself as a discussion site for topics such as data breaches, illegal sexual content, ransomware, and hacking tools.<\/p>\n

In 2023, the site\u2019s alleged founder and admin, Conor Brian Fitzpatrick, was arrested, and its clearnet domains were seized three months later. Fitzpatrick was later sentenced<\/a> to three years in jail by a US court.<\/p>\n

In 2024, a replacement admin, Baphomet, was also reportedly arrested<\/a>, and in 2025, five more individuals<\/a> accused of being connected to the site were taken into custody. Finally, last October came the takedown of the BreachForums dark web extortion site<\/a>.<\/p>\n

The immediate question is whether the leaked database will be of any use to police, assuming they don\u2019t already have access to it. It contains email addresses and IP data which will most likely point to proxies or anonymizing services. One analysis found that many of the IP addresses are simply loopbacks<\/a>. However, the most popular email service used to register with BreachForums is Gmail, which might provide a forensic link to anyone who\u2019s been careless and not covered their tracks.\u00a0\u00a0<\/p>\n

A question of data integrity<\/h2>\n

Experts had mixed responses to the news of the database leak. \u201cThe breach significantly undermines trust in the platform itself, which is critical for any cybercrime forum,\u201d said Michael Jepson<\/a>, penetration testing manager at consultancy CybaVerse.<\/p>\n

\u201cThe exposure damages confidence in BreachForums as a secure environment. As a result, more sophisticated cyber criminals are likely to migrate away from large and well known forums toward smaller, invite-only communities,\u201d he added.<\/p>\n

However, Michael Tigges<\/a>, a senior security operations analyst at security company Huntress, was less sanguine. \u201cWhile potentially useful for authorities and security professionals researching adversarial activities, the database is ultimately of limited forensics use. While the leak may be legitimate, the integrity is called in question if it was derived from another\u00a0cybercrime group,\u201d he pointed out.<\/p>\n

The biggest risk was that data leaks could be a cover for the distribution of disinformation. \u201cData leaks like these may be used to draw lines between nuclei of activity, but the reliability of the information must be highly scrutinized,\u201d said Tigges.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Prominent crime forum BreachForums has suffered a new and possibly fatal blow to its reputation after the revelation that a database of thousands of criminals using it was stolen months ago. News of the breach emerged publicly on January 9 when a zip archive containing a MySQL database of 323,986 BreachForums users appeared on shinyhunte[.]rs, a domain reportedly unconnected to the infamous extortion group of… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15458","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15458"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15458\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}