HackForums (hackforums.net), a prominent online forum dedicated to discussions on hacking and computer security, suffered a data breach on June 25, 2011 when the hacktivist group LulzSec extracted approximately 200,000 user accounts from the forum's systems and released the data as part of LulzSec's '50 Days of Lulz' campaign farewell dump on June 26, 2011. The HackForums data was distributed alongside other LulzSec-extracted datasets including AOL internal data, AT&T internal documents, the Battlefield Heroes Beta user list, the NATO online bookshop user database, U.S. Navy website defacement evidence, FBI internal communications, Arizona Department of Public Safety documents, and various other targets compromised during LulzSec's eight-week 2011 campaign. The HackForums-specific dataset was distributed as a 111.2 megabyte SQL file. The breach was subsequently indexed by Have I Been Pwned and redistributed by DataBreach.com on March 4, 2025.

The breach affected approximately 194,380 unique customer email addresses based on records indexed by Have I Been Pwned (with original LulzSec reporting describing approximately 200,000 user accounts). Compromised fields included email addresses, usernames, dates of birth, IP addresses, instant messenger identities, social connections (revealing the forum-member network of contacts), spoken languages, time zones, user website URLs, website activity records, and passwords. The breach is notable for the unusually rich field set including social graph data, time zone information, and language data, which significantly enhances the value of the dataset for behavioral analysis and targeted social engineering against affected members.

For affected users, the practical risk profile is severe and varies depending on the user's pattern of forum participation. For users who actively participated in cybercrime through HackForums (selling malware, coordinating attacks, trading credentials), the breach exposure created identification risk that has had more than fourteen years to compound through subsequent law enforcement investigations and cross-referencing with other breached cybercrime forums. For users who participated in HackForums only for legitimate security research or general technology discussion, the breach exposure represents a credential-reuse and identity-enrichment risk that can be addressed through standard password rotation, with the additional consideration that historical HackForums membership may be referenced in employment background checks or security-clearance investigations. The exposure of social graph data combined with time zone and language information creates a uniquely detailed behavioral profile that can support targeted social engineering attacks. Affected users should change any reused passwords on other accounts because the breach included password data, and should consider whether their HackForums-era email address, instant messenger handle, and website URL are still active or could be used to link historical forum activity to current personal or professional accounts.

Hacking forums collect user accounts, messages, trade histories, service listings, and discussion records tied to cybercrime, exploits, and illicit services.

HackForums continues to operate as one of the longest-running and most active English-language hacking forums. Following the 2011 LulzSec breach, HackForums implemented various security improvements but has continued to be the subject of periodic compromises and security incidents. The case has been broadly cited in cybersecurity coverage as one of the canonical early cybercrime forum compromises, with the LulzSec attribution making it part of the broader 2011 hacktivism narrative that included the breaches of Sony Pictures, the U.S. Senate website, the U.S. Navy website, the Arizona Department of Public Safety, and various other targets during the LulzSec '50 Days of Lulz' campaign. The breach was redistributed and indexed by DataBreach.com on March 4, 2025.