introduction: What is BreachForums?

Who is BreachForums?

BreachForums is a criminal marketplace where hackers buy and sell personal information (emails, passwords, credit card information, etc.) stolen from companies or government agencies. it is a large online community with hundreds of thousands of members, a platform where compromised databases are posted and traded, and where hacking techniques, malware, and cybercrime know-how are shared. it’s also a top priority for security experts and law enforcement.

why it matters

most data breaches of major companies around the world are traded through such dark web forums. data breaches of Korean companies are also frequently found on BreachForums, and the information traded there is often used for identity theft, financial fraud, and further cyber attacks.

the purpose of this report

In January 2026, the crime giant itself was attacked from within, exposing the information of more than 320,000 members to the world in an unprecedented event. through this ironic case of criminals betraying criminals, this report analyzes the reality of the dark web and the core concepts of digital security in a way that even beginners can understand. this is not just a hacking incident, but a historical moment in the collapse of the trust structure of the dark web ecosystem.

1) Case Overview and Background

On January 9, 2026, an unprecedented event occurred at BreachForums, the largest data exchange on the dark web. the forum itself was attacked from within, and the information of more than 320,000 users was released to the world under the name “Doomsday: The Story of James”. this was more than just a security breach, it was a historic event that undermined the trust structure of the dark web’s anonymity-based criminal ecosystem. in March 2026, the forum’s complete collapse culminated in the internal fraud and betrayal of operator N/A. this chapter analyzes in detail the background, context, and chronology leading up to this event.

1. the history and significance of BreachForums

BreachForums was created as the de facto successor to RaidForums, which was shut down by law enforcement in 2022. After RaidForums’ operator “Omnipotent” (Diogo Santos Coelho) was arrested in the United Kingdom in January 2022 and the forum was seized by the FBI, “pompompurin” (Conor Brian Fitzpatrick) launched BreachForums in March of the same year, continuing the tradition of data breach trading.

[Figure 1] BreachForums Generational Timeline

2.august 2025 breach

The roots of the breach can be traced back to August 11, 2025, when BreachForums (.hn) was shut down under pressure from law enforcement and infrastructure recovery efforts were underway. during the site migration, the administration made a fatal administrative mistake by storing the users table and forum PGP private keys in an unsecured temporary folder.

2-1.Technical Background of the Breach

The MySQL database table of the MyBB software used to run the forum was exposed during the backup process. specifically, the user information database with the table name ‘hcclmafd2jnkwmfufmybb_users’ was at the center of the problem. this data was stored under the file name ‘databoose.sql’ and had a file size of approximately 45.7MB.

in the chaos of the recovery effort, security protocols failed to function properly, and the folder was downloaded externally once during the short time it was exposed. this single download was the start of a chain reaction that would eventually lead to the release of more than 320,000 criminals’ information.

For more information, please see the attached file.