BreachForums version 5 Listed by shinyhunters Ransomware Group
BreachForums has been run by many fakes, but by us, following the FBI seizure on 10 Oct 2025. Maintaining such an ecosystem is a waste of our time. There was an unauthorised leak on 9 Jan 2026. Ever since then, false personas going by “N/A“ and “Indra“ were successfully able to restore a similar-looking “legitimate“ forum. All the current forums are fake [ .sb, .ac, .fi, .bf, .us, ect.]. If they continue to exist, we'll leak all the BF backups, including every private message, emails, IP addresses, posts, ect. We have exploits for all 1.8 versions of MyBB.
On March 26, 2026, the ransomware group ShinyHunters listed BreachForums version 5 on its leak site and threatened to publish internal backups containing private messages, emails, IP addresses, and posts unless the operators of several copycat sites shut them down.
Confirmed Details of the Incident
Public reporting indicates the threat actors gained access through an unauthorised leak that occurred on 9 January 2026. The group states it has been maintaining the original BreachForums ecosystem since the FBI seizure on 10 October 2025 and now views continued operation as inefficient. ShinyHunters claims all current versions of the forum operating at domains ending in .sb, .ac, .fi, .bf, .us and similar extensions are operated by impostors using the personas “N/A” and “Indra.” The actors further state they possess exploits for all 1.8 versions of MyBB, the underlying forum software. The precise number of user accounts exposed remains unknown, but the material includes internal files exfiltrated during the ransomware attack.
Why This Matters for You and Your Family
If you or anyone in your household ever posted on BreachForums or used the same email address, password, or username on other services, your information could appear in the threatened release. Private messages, emails, and IP addresses can be combined with data from earlier breaches to build a detailed profile. Children who used family email addresses to register on gaming platforms or forums are also at risk because those credentials often overlap with adult accounts. Once published, the data becomes freely available to anyone with basic search skills, increasing the chance of identity theft, targeted phishing, or harassment directed at you or your family members.
The Doxxing and Identity-Chain Implications
Leaked IP addresses and email addresses serve as bridges that link anonymous forum handles to real-world identities. Public reporting describes how such information frequently cascades into doxxing chains: an attacker starts with one credential, tests it on email providers, gaming services, and social media, then maps the connections. A single exposed password from BreachForums can lead to takeover of your child’s Roblox, Discord, or Steam account if the same credentials were reused. The combination of private messages and IP data makes it easier for malicious actors to identify home addresses, workplaces, and family relationships. Available reporting indicates these identity chains can persist for years because the data is copied and reposted across multiple underground marketplaces.
ShinyHunters’ Publicly Known Track Record
Public reporting attributes the group’s emergence to 2020. Notable prior victims include several large consumer databases and ticket-resale platforms. The typical playbook begins with initial access through stolen credentials or unpatched web applications, followed by exfiltration of customer records and internal files. ShinyHunters then demands payment or threatens public release on dedicated leak sites. In this case the extortion targets the operators of copycat BreachForums rather than individual users, yet the collateral release of user data follows the group’s established pattern of maximising pressure through broad exposure.
What to do
- Run a DoxxScan to map every link between your emails, usernames, phone numbers, and real identity so you can see exactly what chains back to the BreachForums leak.
- Rotate the password used on BreachForums anywhere it is reused and switch on two-factor authentication through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your data is caught in hours, not months.
- Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts where credential leaks like this one commonly cascade into takeovers.
- Let remediation specialists handle takedown requests across data brokers and exposed profiles while you focus on securing the accounts that matter most to your family.
The incident shows that even long-dormant forum accounts can suddenly become active threats when operators feud or ransomware groups intervene. Starting with a clear picture of your exposure and maintaining ongoing visibility is the most practical way to limit damage. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects handles to real identities, hands-on remediation by specialists, and household coverage that includes children’s gaming accounts.
Related breaches
Kevin Bao Lenguyen Listed by play Ransomware Group
United States…
Forces Listed by medusalocker Ransomware Group
Organization with 28 emails extracted. Domain: ***.gc.ca…
vicentetrapani.com Listed by apt73 Ransomware Group
vicentetrapani.com — this is the website of Vicente Trapani S.A., an agro-industrial holding co...…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →