U.S. authorities have announced the seizure of LeakBase, a major online forum used for buying and selling stolen data and cybercrime tools. The Department of Justice stated that LeakBase had over 142,000 members and more than 215,000 messages exchanged between users. The forum, which operated in English on the open web, maintained a large archive of hacked databases from high-profile attacks, containing hundreds of millions of account credentials.
According to court documents unsealed on March 3, LeakBase allowed users to sell stolen information from databases belonging to U.S. corporations and individuals. The data included credit and debit card numbers, banking account details, usernames and passwords, as well as other sensitive business and personal information.
Law enforcement agencies in 14 countries participated in coordinated actions against LeakBase on March 3 and 4. The operation was hosted by Europol in The Hague. Authorities shut down the forum, seized its data and domains, posted seizure notices on its sites, sent prevention messages to members, collected evidence, executed search warrants and arrests, and conducted interviews in several countries including the United States, Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
Assistant Attorney General A. Tysen Duva said: “The takedown of this cyber forum disrupts a major international platform that cybercriminals use to obtain and profit from the theft of sensitive personal, banking and account credentials. This operation illustrates the strength of the United States and our international partners working across the globe to dismantle a critical cybercriminal forum. The Criminal Division will continue to leverage our international relationships to protect victim personal and account information from falling into the hands of transnational criminal organizations.”
U.S. Attorney Melissa Holyoak for the District of Utah stated: “This 14-country operation demonstrates the extraordinary cooperation with our international partners. Working with our partners, we can take down even the most sophisticated cyber criminals and networks. My office remains steadfast in our commitment to investigate and seek justice for Americans who are targeted by individuals attempting to hide behind foreign borders.”
Assistant Director Brett Leatherman of the FBI’s Cyber Division added: “The FBI, Europol, and law enforcement agencies from around the world executed a takedown of LeakBase, one of the largest online cybercriminal platforms, seizing users’ accounts, posts, credit details, private messages, and IP logs for evidentiary purposes. Together with our partners, we are sending a message that no criminal is truly anonymous online and removing an easy point of access to stolen information on American businesses and individuals. The FBI will continue to defend the homeland by dismantling the key services that cybercriminals use to facilitate their attacks.”
Special Agent in Charge Robert Bohls of the FBI Salt Lake City Field Office said: “Hiding behind a screen does not shield cybercriminals from accountability. This international operation demonstrates the strength of our global alliances and our shared commitment to disrupting platforms that facilitate the theft of data and the victimization of innocent people and organizations worldwide. Together we will continue to identify dismantle and hold accountable those who seek to profit from cybercrime no matter where they operate.”
This action follows earlier disruptions targeting similar marketplaces such as RaidForums in 2022 (https://www.justice.gov/opa/pr/justice-department-announces-disruption-illegal-online-marketplace-raidforums) and BreachForums in 2023 (https://www.justice.gov/opa/pr/justice-department-announces-seizure-breachforums-world-s-largest-hacker-forum), along with convictions related to these forums.
The investigation is being led by the FBI Salt Lake City Field Office with assistance domestically from FBI San Diego Field Office as well as local law enforcement agencies including Utah Department of Public Safety and Provo Police Department.
Senior Counsel Matthew A. Lamberti from DOJ’s Computer Crime & Intellectual Property Section (CCIPS) along with Assistant U.S Attorneys Brent L Andrus and Carl D LeSueur are prosecuting this case; significant support came from DOJ’s Office of International Affairs; Europol; and law enforcement authorities across Australia Belgium Canada Germany Greece Kosovo Malaysia Netherlands Poland Portugal Romania Spain UK.
Since 2020 CCIPS has secured convictions for more than 180 offenders related to cybercrime or intellectual property crime; courts have ordered over $350 million returned directly to victims during this period.
Anyone with information regarding LeakBase is asked to contact FBI at FBI-SU-Leakbase@fbi.gov.
