DOJ seizes LeakBase, one of the world's biggest hacker forums

Investigators claim they preserved private messages and IP logs

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

What just happened? One of the internet's largest hacker marketplaces just received an unwelcome addition: a seizure banner. US authorities say they've taken control of LeakBase, an English-language forum on the open web used to buy and sell stolen data and cybercrime tools.

The Department of Justice describes LeakBase as a clearinghouse for hacked databases. Alongside the "hundreds of millions" of account credentials, it offers credit and debit card numbers, banking details, and other personally identifiable information that can fuel account takeovers and fraud.

The site ran as a subscription marketplace (with pricier premium access) and trafficked in everything, though it specialized in leaked databases and stealer logs – archives of stolen credentials harvested through infostealer malware.

An affidavit unsealed on March 3 claims the forum had more than 142,000 members and over 215,000 messages.

LeakBase Splash Page

The takedown unfolded across March 3 and 4, with synchronized actions in 14 countries in an operation coordinated out of Europol's HQ in The Hague.

// Related Stories

• Leaked government-grade iPhone hacking tools now used to steal crypto and data from users
• Those cheap Windows and Office keys might come from a federal crime

Domains were seized, the site was knocked offline, and investigators sent prevention messages to members – the digital equivalent of a cop knocking on the door and politely asking what, exactly, you're doing with that spreadsheet of passwords.

LeakBase's current landing page warns that all forum content, including private messages and IP logs, has been preserved "for evidentiary purposes," and that attempts to interfere may trigger additional charges. In other words: if you were thinking about cleaning up your DMs, you're a little late.

Europol and partner agencies also went after the forum's most active users. Europol says authorities carried out roughly 100 enforcement actions worldwide and took measures against 37 top users.

The DOJ confirmed search warrants, arrests, and interviews in countries including the US and UK, but doesn't provide a final tally.

The DOJ frames this operation as the latest in a series of marketplace hits, following earlier disruptions of RaidForums in 2022 and BreachForums in 2023.

"The takedown of this cyber forum disrupts a major international platform that cybercriminals use to obtain and profit from the theft of sensitive personal, banking and account credentials," said Assistant Attorney General A. Tysen Duva of the Justice Department's Criminal Division. "This operation illustrates the strength of the United States and our international partners working across the globe to dismantle a critical cybercriminal forum. The Criminal Division will continue to leverage our international relationships to protect victim personal and account information from falling into the hands of transnational criminal organizations."