In March 2026, BreachForums V5 — one of the most well-known underground hacking forums on the internet — was itself hacked. The breach exposed approximately 340,000 unique email addresses, usernames, and password hashes belonging to the forum’s registered users. The group behind the leak, ShinyHunters, published the database on their dark web portal, making it freely available for anyone to download.
This means that if you ever created an account on BreachForums — even just to browse — your email address and password hash are now in the hands of criminals and security researchers alike. The irony is hard to miss: a forum built for sharing stolen data became the victim of the same kind of attack.
What happened to BreachForums V5?
BreachForums has had a turbulent history. The original forum was shut down by the FBI in 2023, and its founder was arrested. Multiple revival attempts followed, each numbered as a new version. The FBI seized the forum again on October 10, 2025, which many in the security community considered the definitive end.
Despite that seizure, BreachForums V5 appeared shortly after — a new revival attempt by a different group of administrators. ShinyHunters, a notorious data extortion and hacking collective responsible for breaches at dozens of major companies, dismissed V5 as illegitimate. They claimed that the real BreachForums ceased to exist after the FBI seizure in October 2025.
To make their point, ShinyHunters leaked the entire V5 database — 340,000 user records — through their own dark web portal in March 2026. This was actually the second leak tied to BreachForums in 2026. An earlier breach in January 2026 had already exposed roughly 324,000 records from a previous version of the forum, as reported by Infosecurity Magazine.
Who is affected by the BreachForums V5 leak?
Anyone who registered an account on BreachForums V5 is affected. That includes roughly 340,000 people who created accounts on this particular version of the forum.
It is important to understand that not everyone on BreachForums was a hacker. Many users signed up to:
- Check if their own data had been leaked in other breaches
- Follow security news and threat intelligence
- Research for journalism, academic work, or cybersecurity jobs
- Browse out of curiosity after hearing about the forum in the news
Regardless of the reason, anyone who used a real email address to register now has that email exposed. And if they reused a password from another site, those other accounts are at risk too.
What data was exposed in the BreachForums V5 breach?
The leaked database contained three key pieces of information for each user:
- Email addresses — approximately 340,000 unique addresses
- Usernames — the display name each person used on the forum
- Password hashes — passwords stored using the Argon2 hashing algorithm
The good news is that Argon2 is one of the strongest password hashing methods available as of 2026. Unlike older methods like MD5 or SHA-1, Argon2 hashes are extremely difficult and time-consuming to crack. However, “difficult” does not mean “impossible.” If someone used a weak or commonly used password — like “password123” or “qwerty2025” — it could still be cracked with enough computing power and time, as Bitdefender noted in their analysis.
The email addresses are the bigger immediate concern. They can be used for targeted phishing attacks, spam campaigns, and cross-referencing with other leaked databases to build more complete profiles of individuals.
How can you check if your email was affected?
If you think you may have registered on BreachForums at any point, you should check whether your email address appears in breach databases.
The quickest way to find out is to use EmailLeaked — enter your email and you will see within seconds whether it has appeared in any known breach, including this one. It is free, private, and tells you exactly what type of data was exposed.
You do not need to remember whether you used BreachForums specifically. Our checker scans across hundreds of known breaches, so you will get a complete picture of your exposure in one search.
What should you do right now if you are affected?
If your email appears in the BreachForums V5 breach — or any breach — take these five steps immediately:
1. Change your passwords on every account that shares the same password. If you used the same password on BreachForums as on your email, social media, banking, or any other account, change them all right now. Use a completely different password for each one — at least 16 characters long, mixing uppercase, lowercase, numbers, and symbols. A password manager makes this easy.
2. Enable two-factor authentication everywhere you can. Two-factor authentication (also called 2FA or MFA) adds a second layer of security beyond your password. Even if someone cracks your password, they cannot get into your account without the second factor. Use an authenticator app — not SMS — for the strongest protection. Read our guide to two-factor authentication for step-by-step instructions.
3. Watch for phishing emails over the next 90 days. Now that your email address is publicly linked to BreachForums, you may receive targeted phishing emails. These might claim to be from law enforcement, security companies, or even BreachForums itself. Do not click links in unexpected emails. Do not download attachments. If an email creates urgency or fear, that is usually a sign it is fake.
4. Check your other accounts for suspicious activity. Log in to your email, banking, and social media accounts. Look for:
- Logins from locations you do not recognize
- Password reset emails you did not request
- Sent emails you did not write
- New accounts or subscriptions you did not create
5. Consider a credit freeze if personal details were exposed. If you used real personal information on your BreachForums profile — like your real name or location — consider placing a freeze on your credit reports with the three major bureaus (Equifax, Experian, TransUnion). This prevents anyone from opening new accounts in your name.
How can you prevent exposure in future breaches?
No one can guarantee that a website they use will never be breached. But you can minimize the damage when it happens:
Use a unique password for every single account. This is the most important rule. When you reuse passwords, one breach turns into five or ten compromised accounts. A password manager generates and stores unique passwords for you so you do not have to remember them.
Use an email alias for forums and low-trust sites. Services like Apple Hide My Email, Firefox Relay, or SimpleLogin let you create disposable email addresses that forward to your real inbox. If a forum gets breached, only the alias is exposed — not your real email.
Enable two-factor authentication on your most important accounts. At minimum, enable 2FA on your primary email account, your bank, and any account that stores payment information.
Never share unnecessary personal information. Forums, social media, and free services do not need your real name, birthday, or phone number. The less real data you provide, the less damage a breach can cause.
Check your email regularly for breaches. Use EmailLeaked to check whether your email has appeared in newly discovered breaches. Catching a breach early gives you time to act before attackers do.
As of 2026, over 12 billion records from more than 960 known breaches are searchable in public breach databases. The BreachForums V5 leak adds another 340,000 records to that total. Regular monitoring is no longer optional — it is basic digital hygiene.
Frequently asked questions
How many BreachForums users had their data exposed?
Approximately 340,000 unique email addresses were exposed in the BreachForums V5 leak, along with usernames and Argon2 password hashes. A separate, earlier breach in January 2026 exposed roughly 324,000 records from a previous version of the forum.
Who hacked BreachForums V5?
ShinyHunters, a well-known data extortion and hacking collective, claimed responsibility for leaking the BreachForums V5 database. They published the data on their dark web portal and dismissed V5 as an illegitimate revival of the original forum.
Are BreachForums passwords compromised?
The passwords were stored as Argon2 hashes, which is one of the strongest hashing algorithms available. This means most passwords are safe from cracking — but weak or commonly used passwords could still be broken with enough time and computing power. If you used BreachForums, change your password on every site where you used the same one.
Why does this breach matter if BreachForums is a hacking forum?
Many BreachForums users used their real email addresses when signing up. Those email addresses and any reused passwords are now exposed, putting their other personal accounts at risk — regardless of why they used the forum. Security researchers, journalists, and curious individuals are all affected alongside any malicious users.
Can law enforcement use this leaked data?
Yes. Law enforcement agencies routinely monitor and analyze leaked forum databases. The exposed email addresses and usernames can be cross-referenced with other data to identify individuals. If you used BreachForums for legitimate purposes like security research, this is not necessarily a legal concern — but it is a privacy concern.
How is this different from the January 2026 BreachForums leak?
The January 2026 leak exposed approximately 324,000 records from an earlier version of BreachForums. The March 2026 leak targeted BreachForums V5 specifically and exposed 340,000 records. Some users may appear in both leaks if they registered on both versions of the forum. Both leaks include email addresses and password hashes.