LeakBase Hacker Forums Dismantled in Global Law Enforcement Operation, 37 Highly Active Users Targeted
Published
Key Takeaways
- Platform Disruption: International law enforcement successfully executed a coordinated global cybercrime operation to completely shut down LeakBase, a massive illicit data repository.
- User Deanonymization: Authorities seized the platform's primary domain and core database, which counted 142,000 registered users.
- Tactical Enforcement: The Europol cybercrime action involved 100 direct enforcement measures across multiple jurisdictions, specifically targeting 37 highly active platform participants.
Authorities have successfully neutralized LeakBase, a prominent platform dedicated to the illicit trade of compromised enterprise and user credentials. Law enforcement agencies have effectively disrupted a major node in the underground digital economy through a highly coordinated global cybercrime operation.
The tactical operation unfolded in early March, guided by an extensive intelligence-mapping phase. During this Europol cybercrime action, agencies executed approximately 100 tactical interventions worldwide, including arrests, digital forensics searches, and direct engagements with 37 of the platform's most active participants.
Stolen Data Marketplace
With the LeakBase forum dismantled, authorities seized its primary domains and deployed a law enforcement splash page, immediately halting the distribution of millions of stolen digital assets.
“The FBI, Europol, and law enforcement agencies from around the world executed a takedown of LeakBase, one of the largest online cybercriminal platforms, seizing users’ accounts, posts, credit details, private messages, and IP logs for evidentiary purposes,” said the FBI’s Cyber Division Assistant Director Brett Leatherman.
By seizing the central database, data scientists and investigators rapidly extracted actionable intelligence to deanonymize users who previously relied on the platform's presumed operational security.
Active since 2021, LeakBase served as a sophisticated marketplace for stolen data, including illegally obtained information from U.S. corporations and individuals. The platform facilitated the exchange of breached databases, credit and debit card numbers, banking account and routing information, and stealer logs harvested directly via infostealer malware.
Operating on the open web with a credit-based economy, the LeakBase infrastructure supported a massive user base exceeding 142,000 registered accounts and over 215,000 private communications.
Implications for Enterprise Security
With threat actors actively exchanging network access data, organizations face elevated risks of account takeovers and targeted intrusions. Law enforcement now utilizes seized digital trails to unmask additional offenders, directly mitigating the rapid circulation of stolen network data.
The announcement follows the disruption of predecessor cybercrime marketplaces RaidForums in 2022, which in December 2025 was seeking new ownership, and BreachForums in 2023, which reemerged in 2025, a couple of months after its founder was resentenced.
Last month, Incognito Market operator Rui-Siang Lin was sentenced, and law enforcement dismantled the longest-running dark web drug market Archetyp in June 2025.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular