A flat-file dump of NextGenUpdate, a long-running gaming and modding forum, is circulating on BreachForums. The archive contains roughly 1.2 million records of username:email:ip:passwordhash with the passwords stored as MD5 with a delimited salt appended.
The userbase is what you would expect: console-modding hobbyists, jailbreakers, and homebrew developers who registered on the forum a decade ago and have probably forgotten the account exists. The interesting piece is the inclusion of forum staff accounts using @nextgenupdate.com email addresses, which gives any attacker doing reconnaissance on the modding community a tidy starting point for follow-on activity.
What's recoverable
MD5 with an appended salt is closer to "obfuscated plaintext" than to "hashed" by 2026 standards. Cracking individual passwords on a modern GPU is essentially free. Anything that was a real word, a date, a sports team, or a phrase will fall in seconds. The IP addresses paired with each record are equally useful for the attacker side: many of them still resolve to ISP-assigned ranges in the same metro area as the registered email, which lets a credential-stuffing operation target retries by geographic plausibility.
Treat the email and password as compromised wherever you reused them.