Leak Zone Cybercrime Forum Database Breach Compromised User IP Addresses

Written by: Lore Apostol, Cybersecurity Writer

The controversial cybercrime forum Leak Zone has suffered a severe security lapse, exposing sensitive user information via an unprotected Elasticsearch database that was accessible online without a password. The database contained about 22 million objects that reveal user IP addresses and login timestamps.

Details of the Data Exposure  

The database, discovered on July 18 by researchers at UpGuard, consisted of web request entries containing the domain to which the request was sent, the user’s IP address, and metadata such as their location and internet provider. The entries were as recent as June 25, and updates came in real time.

Alarmingly, users logging into the forum without anonymization tools such as VPNs could have their real-world locations compromised. 

Screenshot of Leak Zone cybercrime forum website | Source: UpGuard

Of the exposed records, 95% corresponded to user logins, while the second most common domain, mentioned in 2.7% of records, was the AccountBot website, a service for selling compromised streaming accounts.  

Top 10 identified domains | Source: UpGuard

Leak Zone, known for sharing hacked databases, stolen credentials, and illegal services, boasts a user base exceeding 109,000 members. The entire data set contained 185,000 unique IP addresses, as some users routed their traffic through public proxies and VPNs hosted on standard cloud infrastructure.

Yet, “it’s entirely possible that the concentrated traffic emerging from certain IP addresses is the result of bots scraping the site on behalf of cybersecurity companies,” the report warns.

Implications of the User IP Address Leak  

The user IP address leak now poses exposure risks for Leak Zone members. Law enforcement agencies may use these records to identify individuals involved in illegal activities. 

GDPR classifies client IP addresses as PII due to their utility for identifying a person, the report added. The data breach further highlights systemic flaws in securing forums that engage in illicit online activities.  

Conclusion  

UpGuard confirmed the database has since been taken offline. This situation underscores broader challenges associated with cybercrime forums.  

In other related news, a recent dark web leak exposed 184 million plaintext passwords in an unprotected database.

