Contents
Global Law Enforcement Dismantles LeakBase: A Major Blow to Cybercrime
Europol, in a coordinated effort with law enforcement agencies from 14 countries – including the Polish Central Bureau for Combating Cybercrime (CBZC) – has successfully dismantled LeakBase, one of the world’s most prominent forums for trading stolen data. This sprawling platform boasted 142,000 users and facilitated the exchange of hundreds of millions of compromised records stemming from data breaches and malware campaigns. The extensive operation involved seizing the service’s infrastructure, confiscating its complete database, and arresting and searching its most active users.
What Was the LeakBase Forum?
LeakBase operated as a notorious English-language forum on the open web, functioning as a central hub within the cybercrime ecosystem. It combined the features of a traditional discussion forum with a digital bulletin board, specializing in the trade of leaked databases.
The platform served as a vast archive for stolen credentials, ranging from historical data breaches to newly acquired logs obtained through infostealer malware. Infostealers are malicious software designed to covertly extract sensitive information, such as passwords, banking details, and other personal data, from compromised systems.
To foster activity and “trust” among its members, LeakBase utilized a sophisticated reputation system and a credit-based model. Participants could enhance their standing by sharing data, brokering transactions, and actively engaging in discussions about exploits, offensive tools, and social engineering techniques. This structure, previously seen on infamous platforms like RaidForums and BreachForums, facilitated the rapid exchange of stolen data. It also lowered the barrier to entry for less experienced individuals in the cybercrime world, allowing them to easily purchase ready-made packages of compromised information.
Law enforcement estimates indicate that LeakBase, which had been active since 2021, accumulated over 142,000 registered users, approximately 32,000 posts, and more than 215,000 private messages by December 2025, solidifying its position as one of the largest marketplaces for stolen data globally.
Global Operation “Leak”
The operation targeting LeakBase, hailed by Europol as one of the largest actions against data breach trading platforms, unfolded in two primary phases on March 3rd and 4th, 2026.
Phase 1: Arrests and Raids
The initial phase involved coordinated operational activities, including arrests and house searches of key forum users across numerous countries. These nations included:
- USA
- Australia
- Belgium
- Poland
- Portugal
- Romania
- Spain
- United Kingdom
Brett Leatherman, Deputy Director of the FBI’s Cyber Division, stated, “The FBI, Europol, and law enforcement agencies worldwide have successfully dismantled LeakBase, one of the largest online cybercriminal platforms. We have seized user accounts, posts, credit data, private messages, and IP logs for evidentiary purposes.”
Phase 2: Infrastructure Takedown
The second stage focused on the technical disabling of LeakBase’s infrastructure. Domains associated with the forum were seized and redirected to servers controlled by law enforcement, displaying a clear notice of the site’s seizure. Concurrently, the forum’s backend technical assets were secured, including the complete database containing user accounts, posts, private messages, IP logs, and payment data. This valuable information will serve as crucial evidence in ongoing criminal proceedings.
FBI Special Agent Robert Bohls emphasized the significance of the operation: “This international operation demonstrates the strength of our global alliances and our shared commitment to disrupting platforms that facilitate data theft and harm innocent people and organizations worldwide. Together, we will continue to identify, eliminate, and hold accountable those who profit from cybercrime, regardless of where they operate.”
The Role of Poland’s CBZC and Arrests
The Polish Central Bureau for Combating Cybercrime (CBZC) played a crucial role in this extensive operation. As a unit of the Polish Police, the CBZC operated within the framework of Europol and the European Multidisciplinary Platform Against Criminal Threats (EMPACT), which focuses on combating the most severe threats posed by organized crime.
CBZC officers conducted operations across Poland, resulting in the arrest of six individuals linked to LeakBase’s activities. Prosecutors have charged these individuals under Article 269b §1 of the Polish Penal Code, which addresses the production, acquisition, provision, or disposal of hacking tools.
During searches conducted in Poland, law enforcement seized numerous devices and data carriers, including:
- Hard drives
- USB flash drives
- Mobile phones
- Desktop computers
- Laptops
These seized items are believed to contain both tools for cyberattacks and evidence confirming the involvement of the arrested individuals in the trade of stolen data. The collected evidence will be instrumental not only in current proceedings but also in further analyzing connections between forum users, malware campaigns, and specific data breach incidents in Poland and internationally.
Will the Closure of LeakBase Halt the Trade of Stolen Data?
The dismantling of LeakBase represents a significant blow to the cybercrime infrastructure. Rather than targeting individual perpetrators, this operation struck at an entire platform that facilitated the mass exchange of compromised data, illicit tools, and criminal services.
However, the history of underground forums suggests a cyclical pattern: after every high-profile shutdown, new services inevitably emerge to fill the void, often established by the same individuals or groups under different names. Therefore, experts emphasize that such operations must be accompanied by long-term strategies. These include:
- Consistent prosecution of platform operators and users.
- Disrupting the infrastructure of malware campaigns.
- Strengthening security measures for organizations and individual users to minimize the value of stolen data.
Frequently Asked Questions (FAQ)
What was LeakBase?
LeakBase was an English-language online forum that served as a central marketplace for trading stolen data, including credentials from data breaches and logs from infostealer malware. It also provided a platform for discussions on hacking tools and techniques.
How many users did LeakBase have?
By December 2025, LeakBase had accumulated over 142,000 registered users, making it one of the largest global markets for stolen data.
Which agencies were involved in the LeakBase takedown?
The operation involved Europol, the FBI, and law enforcement agencies from 14 countries, including the USA, Australia, Belgium, Poland (CBZC), Portugal, Romania, Spain, and the United Kingdom.
What was seized during the operation?
Authorities seized LeakBase’s server infrastructure, domains, and its complete database, which included user accounts, posts, private messages, IP logs, and payment data. Numerous devices and data carriers were also seized from arrested individuals.
Will the closure of LeakBase stop cybercrime?
While the takedown is a significant blow to cybercrime infrastructure, experts believe that new forums often emerge to replace dismantled ones. Effective long-term strategies require continuous prosecution, disruption of malware networks, and enhanced security for organizations and users.
Source: Europol, CBZC, Justice.gov, BleepingComputer. Opening photo: Gemini
About Post Author
