A threat actor has allegedly listed stock market discussion forum Stockaholics for sale on a cybercrime forum, claiming to possess a database containing user account information from the platform.
The claim was published on June 21, 2026, by a forum account with limited publicly known history. The actor alleged that the dataset originates from Stockaholics, a U.S.-based online community focused on stock market discussions, trading strategies, investing, cryptocurrencies, and financial market analysis. The forum reports more than 12,500 registered members and hosts discussions across equities, penny stocks, forex, and cryptocurrency topics.
Sample data shared as proof
To support the claim, the threat actor published a small sample of records allegedly extracted from the platform. The exposed fields reportedly include usernames, email addresses, account status information, user roles, registration dates, activity timestamps, language settings, timezone preferences, and forum-related metadata.
The sample appears to include administrator and moderator accounts alongside regular user profiles. BreachNews is not reproducing the leaked records or email addresses.
Analysis of the sample suggests the data may not be recent. Multiple account registration timestamps correspond to March and April 2016, while several visible last activity dates appear to cluster around early 2019. The records also contain user titles referencing Stockaholics contests held in 2017. While these indicators do not prove when the data was obtained, they suggest the dataset could represent an older database rather than a recent compromise.
The structure of the records appears consistent with a XenForo forum user database, including fields associated with permissions, user groups, moderation status, trophies, conversations, and account activity. However, BreachNews could not independently verify the authenticity of the data.
If authentic, the exposure could present phishing, credential-stuffing, and account takeover risks, particularly for users who may have reused passwords across multiple services. Individuals concerned about potential exposure should review steps outlined in our guide on how to respond when you receive a data breach notification. The sample provided by the actor did not contain visible password hashes, although it remains unclear whether additional data was included in the purported dataset.
Timestamps raise questions about data age
Several visible records contain activity timestamps that translate to dates between 2016 and 2019, with no immediately identifiable evidence of more recent user activity in the sample provided. As a result, it remains unclear whether the data stems from a recent intrusion, an older compromise, or a previously exposed database that has resurfaced online.
The threat actor did not provide sufficient information to independently determine the full scope, age, or origin of the alleged dataset.
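The dating check described above can be reproduced on any sample of forum records. The following is an added example, not BreachNews's or the forum's own code: it assumes the records carry XenForo's `register_date` and `last_activity` columns as Unix epoch seconds, and every row in it is constructed. The function name `dump_age_profile` is hypothetical.

```python
from collections import Counter
from datetime import date, datetime, timezone

# Constructed rows (not leaked data). Column names follow XenForo's xf_user
# table, where register_date and last_activity are Unix epoch seconds.
SAMPLE = [
    {"user_id": 1, "register_date": 1458000000, "last_activity": 1549756800},
    {"user_id": 2, "register_date": 1459500000, "last_activity": 1547000000},
    {"user_id": 3, "register_date": 1460000000, "last_activity": 1530000000},
    {"user_id": 4, "register_date": 1461000000, "last_activity": 1548000000},
    # Assumption: an export may carry 0 where no activity was recorded.
    {"user_id": 5, "register_date": 1461500000, "last_activity": 0},
]


def to_utc(epoch):
    """Epoch seconds -> aware UTC datetime; 0 or None means 'not recorded'."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc) if epoch else None


def dump_age_profile(rows, claim_date):
    """Summarise what the timestamps in a sample say about the data's age."""
    reg = [d for d in (to_utc(r["register_date"]) for r in rows) if d]
    act = [d for d in (to_utc(r["last_activity"]) for r in rows) if d]
    # The newest timestamp anywhere in the sample is a lower bound on the
    # extraction date: the data cannot have been copied before it was written.
    newest = max(reg + act)
    return {
        "earliest_registration": min(reg),
        "newest_timestamp": newest,
        "activity_by_year": dict(Counter(d.year for d in act)),
        # Distance between the newest record and the date of the sale claim.
        "gap_days": (claim_date - newest.date()).days,
        # Rows active before they registered point to edited or merged data.
        "inconsistent": [r["user_id"] for r in rows
                         if r["last_activity"]
                         and r["last_activity"] < r["register_date"]],
    }


if __name__ == "__main__":
    profile = dump_age_profile(SAMPLE, date(2026, 6, 21))
    for key, value in profile.items():
        print(f"{key}: {value}")
```

A large gap only bounds the extraction date from below; a seller can choose which rows to show, so a sample with no recent activity does not rule out a recent compromise.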
No public statement issued
Stockaholics had not issued any public statement regarding the allegations at the time of publication.
As with all unverified breach claims, readers should treat the allegations with caution until additional evidence emerges or the organization confirms an incident.