U.S. and European authorities seized the site’s database, exposing 142,000 members linked to stolen credentials and hacking tools.
One of the web’s largest cybercrime forums taken offline
U.S. and European law enforcement agencies have seized the infrastructure and database of LeakBase, a notorious cybercrime forum accused of distributing stolen passwords and hacking tools.
Authorities describe LeakBase as “one of the world’s largest online forums for cybercriminals.”
The platform hosted massive collections of stolen data used by hackers to break into accounts and steal digital assets.
Key details from the investigation:
- 142,000 registered members
- 215,000 messages exchanged between users
- A vast archive of hacked databases
The site had been operating since 2021 before being taken down this week.
A marketplace for stolen credentials
LeakBase specialized in sharing and trading compromised login credentials and financial data.
According to investigators, the platform contained databases holding hundreds of millions of records, including:
- Account usernames and passwords
- Credit card numbers
- Bank account and routing information
These datasets often originate from earlier data breaches and are reused in credential-stuffing attacks, where hackers attempt to log into accounts using previously leaked passwords.
The stolen credentials are commonly used to access:
- Email accounts
- Social media platforms
- Financial services
- Cryptocurrency wallets
International crackdown targeting key users
The takedown was part of a coordinated international law enforcement operation.
Authorities reported approximately 100 enforcement actions worldwide, including measures targeting the forum’s most active participants.
The operation included:
- Investigations into the top 37 active users
- 13 arrests
- Searches and interviews involving 33 suspects
Investigators also captured the entire LeakBase database, including its internal communications.
This data could provide law enforcement with a roadmap to future cybercrime investigations.
FBI seizes domain and redirects traffic
Earlier this week, the FBI redirected LeakBase’s domain to infrastructure controlled by the agency.
Visitors to the site now see a seizure notice confirming that the platform has been shut down.
The notice states that authorities have preserved:
- Forum content
- Private messages
- IP address logs
That information could help investigators identify individuals involved in cybercrime activities.
Part of a broader war on credential marketplaces
The LeakBase takedown is part of a growing effort by international law enforcement to dismantle cybercrime marketplaces that trade stolen credentials.
These platforms have become critical infrastructure for hackers.
Once credentials appear in such forums, they can quickly spread across the underground economy and fuel:
- Identity theft
- Corporate data breaches
- Cryptocurrency theft
By targeting forums rather than individual hackers, investigators aim to disrupt the entire ecosystem enabling account takeovers.
Still, cybersecurity experts note that new forums often emerge to replace the old ones—making the fight against cybercrime a continuous game of digital whack-a-mole.
TL;DR:
U.S. and European law enforcement seized LeakBase, a major cybercrime forum with 142,000 members that shared stolen passwords and hacking tools. Authorities captured the site’s entire database and carried out 100 enforcement actions, including 13 arrests, as part of a global crackdown on credential marketplaces.
AI summary
- LeakBase cybercrime forum shut down by U.S. and EU police.
- Platform hosted hundreds of millions of stolen credentials.
- Authorities seized database with 142K members and 215K messages.
- 13 arrests and investigations into 37 top users.
- Part of broader crackdown on credential trading networks.
