This platform served as a hub for threat actors to trade stolen databases, credentials, and corporate data.
On March 4, 2026, authorities seized its domains leakbase[.]ws and leakbase[.]la, redirecting them to an FBI seizure banner.
LeakBase emerged rapidly after BreachForums’ takedown, attracting hackers with sections for initial access brokers, ransomware affiliates, and data dumps.
It hosted leaks from breaches like user credentials and credit cards, mirroring markets disrupted in prior ops like Qakbot.
The operation relied on U.S. and German court orders. A warrant from the U.S. District Court for the District of Utah, led by the U.S.
Attorney’s Office and DOJ’s CCIPS invoked Title 18 (asset forfeiture) and Title 21 (access device fraud) of the U.S. Code. Domains now use FBI nameservers: ns1.fbi.seized.gov and ns2.fbi.seized.gov.
| Domain | Registration Date | Seizure Update | Status |
|---|---|---|---|
| leakbase.ws | Feb 7, 2026 | Mar 4, 2026 | FBI seizure banner |
| leakbase.la | Unknown | Mar 4, 2026 | FBI seizure banner |
This mirrors tactics in Blacksuit ransomware seizures.
Authorities preserved all forum data, including user accounts, posts, private messages, stolen credentials, and full IP logs. This trove enables attribution via IOCs like logged IPs tied to posts.
| IOC Type | Description | Potential Use Case |
|---|---|---|
| IP Logs | Full access histories of users | Geolocation, deanonymization |
| User Accounts | Handles, emails, crypto wallets | Cross-referencing breaches |
| Forum Posts | Data samples, trade logs | Ransomware TTP mapping (MITRE ATT&CK T1486) |
The FBI warns: interference risks charges. A tip line at FBI-SU-Leakbase@fbi.gov urges users to cooperate.
LeakBase’s fall disrupts the data-leak ecosystem, raising entry barriers for new actors. Organizations should scan for exposed creds using tools like Have I Been Pwned and enforce MFA.
| Mitigation Step | Action | Priority |
|---|---|---|
| Credential Check | Query breach databases | High |
| Network Monitor | Block leakbase[.]ws/la IPs | High |
| User Reporting | Contact FBI tip line | Medium |
Timeline: Forum active ~1 month; seized Mar 4, 2026. This op signals escalating pressure on cyber forums, per CISA trends.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Operation Leak Shuts Down LeakBase Cybercrime Forum, Authorities Seize User Data and IP Logs appeared first on Cyber Security News.
Anybody who remembers the original Earth Day will know that people gathering together to pick…
A police officer was shot and wounded in Ashland on Monday evening after exchanging gunfire…
MindsEye staff members are suing developer Build a Rocket Boy, after company bosses reportedly admitted…
The original Top Gun and its recent sequel Top Gun: Maverick are both soaring back…
After 2024’s Vessel of Hatred expansion left me dangling off a narrative cliff like a…
Microsoft has dropped the price of Xbox Game Pass Ultimate from $29.99 per month to…
This website uses cookies.