BreachForums (2025) Breach: 672K Accounts Exposed
In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k unique ...
Overview
In October 2025, law enforcement agencies took down a reincarnation of BreachForums, a notorious hacking forum that had been shuttered multiple times before. But in the months leading up to the takedown, the site itself suffered a data breach that exposed 672,247 unique user accounts. The stolen data (emails, passwords, usernames, and names) was later uploaded to Have I Been Pwned, confirming the scale of the compromise. For a platform built on trading and selling stolen data, this breach is a stark irony: its own users’ credentials are now at risk.
What Was Exposed
The breach exposed the following fields:
- Email addresses: 672,247 unique accounts. These are the primary identifiers for account takeover, phishing, and credential-stuffing attacks. Attackers can link them to other services if users reuse passwords.
- Passwords: Stored in plaintext or weakly hashed on BreachForums. BreachForums previously stored passwords in plaintext, making them immediately usable for credential reuse attacks. Even if hashed, many passwords can be cracked with modern tools.
- Usernames: Often tied to the same email, making targeted phishing easier. BreachForums users with prominent handles may face doxxing or harassment.
- Names: Some real names were also exposed, enabling identity linking and social engineering.
The combination of email and password is the most dangerous pairing: it enables direct account takeover on any other service where the same credentials are used.
Account Takeover Risks
This is a classic credential-dump breach. The immediate risk is account takeover, not on BreachForums (it’s gone) but on every other site where victims reused their BreachForums password. With 672k unique emails and passwords, attackers can run credential-stuffing attacks against email providers, social media, financial accounts, and corporate logins. Users who reused their BreachForums credentials should consider those accounts compromised.
The breach is especially dangerous because BreachForums was a hub for cybercriminals. Its users included hackers, scammers, and data brokers. Now their own credentials are exposed, which may lead to targeted retaliation, doxxing, or even physical threats.
What to Do Right Now
- Check if you’re affected: Visit haveibeenpwned.com and search for your email. If it’s in this breach, assume your password is known.
- Change your password immediately: Update the password you used on BreachForums and any other account where you reused it. Use a unique, strong password for each site.
- Enable two-factor authentication (2FA): If your accounts support it, enable 2FA now. This prevents attackers from logging in even if they have your password.
- Watch for phishing: Your email is now tied to a forum of fraudsters. Expect targeted phishing emails claiming to be from services you use. Do not click links or download attachments.
- Monitor for unauthorized activity: Check your email for password reset notifications, login alerts, or new account registrations you didn’t make.
How to Check If You’re Affected
The simplest way is to visit Have I Been Pwned and enter your email address. If it’s listed, you’re in this breach. HIBP also shows you which other breaches your email appears in, giving you a full picture of your exposure. There is no tool to check if your username or name was leaked separately: HIBP only covers emails.
Security Insight
This breach reveals a persistent failure in BreachForums’ security posture: storing passwords in plaintext or using weak hashing on a platform that exists to trade stolen credentials. For a site that should understand basic security hygiene, this is inexcusable. It also highlights the risk of using the same password across multiple accounts: even security-savvy users on forums like this often reuse credentials across critical services. Whether you’re a hacker or a casual user, password reuse is the fastest path to account takeover.
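For operators on the other side of this failure, the following is an added example (not code from the breached site or from this report) of storing passwords with a salted, memory-hard KDF and migrating plaintext or fast-hash records on the next successful login. It uses scrypt from Python's standard library; the `md5$` and `plain$` record formats and the work factors are assumptions made for the example.

```python
import base64, hashlib, hmac, os

# Assumed work factors for this example; raise them as hardware allows.
N, R, P, DKLEN = 2**14, 8, 1, 32

def _b64(raw):
    return base64.b64encode(raw).decode()

def hash_password(password, n=N):
    """Return a self-describing record: scrypt$N$r$p$salt$key."""
    salt = os.urandom(16)  # unique per record, so equal passwords differ
    key = hashlib.scrypt(password.encode(), salt=salt, n=n, r=R, p=P, dklen=DKLEN)
    return f"scrypt${n}${R}${P}${_b64(salt)}${_b64(key)}"

def _check(password, record):
    """Return (matches, needs_upgrade) for one stored record."""
    scheme, _, rest = record.partition("$")
    pw = password.encode()
    if scheme == "scrypt":
        n, r, p, salt, key = rest.split("$")
        key = base64.b64decode(key)
        got = hashlib.scrypt(pw, salt=base64.b64decode(salt),
                             n=int(n), r=int(r), p=int(p), dklen=len(key))
        # Constant-time compare; flag records made with weaker parameters.
        return hmac.compare_digest(got, key), int(n) < N
    if scheme == "md5":    # hypothetical legacy format: unsalted fast hash
        digest = hashlib.md5(pw).hexdigest().encode()
        return hmac.compare_digest(digest, rest.encode()), True
    if scheme == "plain":  # hypothetical legacy format: plaintext
        return hmac.compare_digest(pw, rest.encode()), True
    return False, False

def verify_and_upgrade(password, record):
    """Return (ok, new_record). new_record is set only when a correct login
    used a legacy or under-strength record; the caller overwrites the old one."""
    ok, stale = _check(password, record)
    return ok, (hash_password(password) if ok and stale else None)
```

Upgrade-on-login only covers users who come back; legacy records for dormant accounts stay weak until they are invalidated and those users are forced through a reset.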