Overview
- A site named shinyhunte[.]rs published an SQL archive on January 9 with a manifesto and a PGP key, and the private key password appeared the following day.
- Have I Been Pwned listed the incident on January 10, citing roughly 324,000 unique emails, usernames and Argon2-hashed passwords predating the forum’s October 2025 takedown.
- Resecurity found many authentic entries but also loopback or scrubbed IPs and other tampering that complicate direct attribution.
- BreachForums’ administrator known as N/A said the data came from an August 2025 users-table exposed during a restoration when files were briefly left in an unsecured folder.
- Researchers warned the leak could generate investigative leads while urging downloads only from trusted sources due to potential malware in unofficial copies.