AbuseWith.Us, a hacking forum dedicated to email account and online gaming account compromise services, suffered multiple data breaches during 2016 with the breach data subsequently appearing in breach-trading communities and being indexed by Have I Been Pwned on October 9, 2017 with a breach-date of July 1, 2016. The breaches were not the subject of operator disclosure; the forum's data was itself compromised and traded by external parties, in a notable instance of threat actor infrastructure being subjected to the same breach dynamics as the legitimate websites that AbuseWith.Us members targeted.

The breach affected approximately 1,372,550 unique email addresses based on records indexed by Have I Been Pwned (with DataBreach.com listing approximately 1,283,526 records). Compromised fields included email addresses, usernames, IP addresses, and passwords stored in a mix of plaintext and various hash formats. The dataset reflected both AbuseWith.Us forum membership records and credentials sourced from various other breaches that had been collected by AbuseWith.Us members for use in account-compromise operations. The shared-administrator connection between AbuseWith.Us and the LeakedSource credential-search service means that the AbuseWith.Us breach data was likely directly accessible to or aggregated within LeakedSource's broader credential database.

For individuals whose email addresses appear in the AbuseWith.Us dataset, the practical risk profile is bifurcated. For individuals who were active AbuseWith.Us members (account-compromise practitioners or aspirants), the breach exposed their identification as participants in a hacking forum, with potential employment, professional, and legal consequences depending on jurisdiction and the user's actual activity on the forum. Such users should be aware that the breach data is now part of the public breach-notification infrastructure (via Have I Been Pwned) and may be referenced by future employment background checks, security clearance investigations, and similar inquiries. For individuals whose credentials were collected by AbuseWith.Us members from other breaches and stored within the AbuseWith.Us infrastructure (the larger population of affected individuals who never used AbuseWith.Us themselves), the breach represents an additional layer of credential exposure that may have already been addressed through the original source breach's remediation. Affected users should change any reused passwords on other accounts because the plaintext password exposure means any account where the same password was reused is fully compromised. The U.S. Computer Fraud and Abuse Act and equivalent statutes in other jurisdictions may apply to AbuseWith.Us members whose forum activity constituted unauthorized account access.

Account-hacking forums collect user accounts, messages, illicit service listings, and discussion history tied to account compromise and criminal access workflows.

AbuseWith.Us is now defunct, and the operator Jordan Evan Bloom was arrested by the Royal Canadian Mounted Police on January 15, 2018 in connection with the LeakedSource service. Bloom's company Defiant Tech Inc. pleaded guilty in 2019 to operating LeakedSource, which had sold access to billions of stolen credentials including data from the Ashley Madison breach. The RCMP investigation indicated that Bloom made approximately $250,000 from selling hacked data through LeakedSource. Bloom's biographical timeline is notable because Bloom was hired as a developer at Ashley Madison in late 2014, resigned from Ashley Madison in June 2015 citing health reasons (less than one month before unidentified hackers stole data on 37 million Ashley Madison users), and launched LeakedSource three months after the Ashley Madison hack. The case has been formally cited as a leading example of the criminalization of breach-data-as-a-service operations.