CrackingForum, a vBulletin-based cybercrime forum dedicated to credential cracking and account-compromise operations, suffered a data breach in approximately mid-2016 with the breach data subsequently indexed by Have I Been Pwned on December 10, 2017. The breach data was extracted from the forum's vBulletin database and circulated within breach-trading communities. DataBreach.com subsequently indexed the dataset on January 29, 2025 as part of a broader threat-actor-infrastructure indexing initiative.

The breach affected approximately 469,451 unique customer email addresses based on the deduplicated records indexed by DataBreach.com (with Have I Been Pwned reporting approximately 660,305 records for the same incident, with the difference reflecting deduplication and reprocessing of the breach data). Compromised fields included email addresses, IP addresses, usernames, and passwords stored as salted MD5 hashes. The salted MD5 hashing represents a deprecated cryptographic algorithm vulnerable to brute-force cracking, making the password values practically recoverable for many users despite the salting.

For individuals whose email addresses appear in the CrackingForum dataset, the practical risk profile is severe and bifurcated. For users who actively participated in credential-cracking activity through CrackingForum, the breach exposed their identification as participants in a forum dedicated to credential-cracking operations against other online services, with substantial criminal-prosecution risk under U.S. federal Computer Fraud and Abuse Act statutes (and equivalent statutes in other jurisdictions). The breach data may be used by law enforcement to cross-reference pseudonymous identities across multiple cybercrime forums and to map participation patterns. The salted MD5 hashing means original passwords are recoverable through brute-force cracking for many users. Affected users should change any reused passwords on other accounts because the password exposure means any account where the same password was reused is potentially compromised. Users whose IP address data may have included real (non-VPN) addresses are at elevated identification risk. The U.S. Computer Fraud and Abuse Act and equivalent statutes in other jurisdictions may apply to CrackingForum members whose forum activity constituted unauthorized account access.

Cracking forums collect user accounts, messages, trade histories, service listings, and discussion records tied to credential abuse and illicit access communities.

CrackingForum has since been retired or shut down based on publicly available information, with the crackingforum.com domain no longer hosting active forum content. The forum did not make any public acknowledgment of the 2016 breach. The breach was indexed by Have I Been Pwned on December 10, 2017 with a breach-date of July 1, 2016, and DataBreach.com indexed the dataset on January 29, 2025 as part of a broader threat-actor-infrastructure indexing initiative. The case sits within the broader pattern of vBulletin-based cybercrime forum compromises during 2016-2017 that included CrimeAgency's coordinated compromise of approximately 140 vBulletin forums in January 2016 (a separate large-scale campaign against unpatched vBulletin installations).