By rssfeeds-admin This platform served as a hub for threat actors to trade stolen databases, credentials, and corporate data.
On March 4, 2026, authorities seized its domains leakbase[.]ws and leakbase[.]la, redirecting them to an FBI seizure banner.
LeakBase emerged rapidly after BreachForums’ takedown, attracting hackers with sections for initial access brokers, ransomware affiliates, and data dumps.
It hosted leaks from breaches like user credentials and credit cards, mirroring markets disrupted in prior ops like Qakbot.
Seizure Mechanics and Legal Framework
The operation relied on U.S. and German court orders. A warrant from the U.S. District Court for the District of Utah, led by the U.S.
Attorney’s Office and DOJ’s CCIPS invoked Title 18 (asset forfeiture) and Title 21 (access device fraud) of the U.S. Code. Domains now use FBI nameservers: ns1.fbi.seized.gov and ns2.fbi.seized.gov.
| Domain | Registration Date | Seizure Update | Status |
|---|---|---|---|
| leakbase.ws | Feb 7, 2026 | Mar 4, 2026 | FBI seizure banner |
| leakbase.la | Unknown | Mar 4, 2026 | FBI seizure banner |
This mirrors tactics in Blacksuit ransomware seizures.
Secured Evidence and Investigative Risks
Authorities preserved all forum data, including user accounts, posts, private messages, stolen credentials, and full IP logs. This trove enables attribution via IOCs like logged IPs tied to posts.
| IOC Type | Description | Potential Use Case |
|---|---|---|
| IP Logs | Full access histories of users | Geolocation, deanonymization |
| User Accounts | Handles, emails, crypto wallets | Cross-referencing breaches |
| Forum Posts | Data samples, trade logs | Ransomware TTP mapping (MITRE ATT&CK T1486) |
The FBI warns: interference risks charges. A tip line at FBI-SU-Leakbase@fbi.gov urges users to cooperate.
LeakBase’s fall disrupts the data-leak ecosystem, raising entry barriers for new actors. Organizations should scan for exposed creds using tools like Have I Been Pwned and enforce MFA.
| Mitigation Step | Action | Priority |
|---|---|---|
| Credential Check | Query breach databases | High |
| Network Monitor | Block leakbase[.]ws/la IPs | High |
| User Reporting | Contact FBI tip line | Medium |
Timeline: Forum active ~1 month; seized Mar 4, 2026. This op signals escalating pressure on cyber forums, per CISA trends.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Operation Leak Shuts Down LeakBase Cybercrime Forum, Authorities Seize User Data and IP Logs appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.