This platform served as a hub for threat actors to trade stolen databases, credentials, and corporate data.
On March 4, 2026, authorities seized its domains leakbase[.]ws and leakbase[.]la, redirecting them to an FBI seizure banner.
LeakBase emerged rapidly after BreachForums’ takedown, attracting hackers with sections for initial access brokers, ransomware affiliates, and data dumps.
It hosted leaks from breaches like user credentials and credit cards, mirroring markets disrupted in prior ops like Qakbot.
The operation relied on U.S. and German court orders. A warrant from the U.S. District Court for the District of Utah, led by the U.S.
Attorney’s Office and DOJ’s CCIPS invoked Title 18 (asset forfeiture) and Title 21 (access device fraud) of the U.S. Code. Domains now use FBI nameservers: ns1.fbi.seized.gov and ns2.fbi.seized.gov.
| Domain | Registration Date | Seizure Update | Status |
|---|---|---|---|
| leakbase.ws | Feb 7, 2026 | Mar 4, 2026 | FBI seizure banner |
| leakbase.la | Unknown | Mar 4, 2026 | FBI seizure banner |
This mirrors tactics in Blacksuit ransomware seizures.
Authorities preserved all forum data, including user accounts, posts, private messages, stolen credentials, and full IP logs. This trove enables attribution via IOCs like logged IPs tied to posts.
| IOC Type | Description | Potential Use Case |
|---|---|---|
| IP Logs | Full access histories of users | Geolocation, deanonymization |
| User Accounts | Handles, emails, crypto wallets | Cross-referencing breaches |
| Forum Posts | Data samples, trade logs | Ransomware TTP mapping (MITRE ATT&CK T1486) |
The FBI warns: interference risks charges. A tip line at FBI-SU-Leakbase@fbi.gov urges users to cooperate.
LeakBase’s fall disrupts the data-leak ecosystem, raising entry barriers for new actors. Organizations should scan for exposed creds using tools like Have I Been Pwned and enforce MFA.
| Mitigation Step | Action | Priority |
|---|---|---|
| Credential Check | Query breach databases | High |
| Network Monitor | Block leakbase[.]ws/la IPs | High |
| User Reporting | Contact FBI tip line | Medium |
Timeline: Forum active ~1 month; seized Mar 4, 2026. This op signals escalating pressure on cyber forums, per CISA trends.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Operation Leak Shuts Down LeakBase Cybercrime Forum, Authorities Seize User Data and IP Logs appeared first on Cyber Security News.
Hoppers is in theaters now.It’s not exactly a new observation to say that Pixar’s once…
OpenAI on March 5, 2026, released GPT-5.4, its most capable and efficient frontier model to…
A public proof-of-concept (PoC) exploit has been released for CVE-2026-20127, a maximum-severity zero-day vulnerability in Cisco…
ROCKFORD, Ill. (WTVO) — The Winnebago County Mental Health Board awarded over $1.6 million in…
Warning: This review contains full spoilers for The Pitt Season 2, Episode 9!Considering that The…
If you were having issues shopping on Amazon or loading your playlists on Amazon Music…
This website uses cookies.