The FBI, in collaboration with international law enforcement bodies, has effectively shut down LeakBase, a well-known cybercriminal forum involved in the exchange of stolen databases. This action was part of a global initiative called ‘Operation Leak.’
Seizure of LeakBase Domains
The forum’s main websites, leakbase[.]ws and leakbase[.]la, now direct users to an FBI seizure notice, replacing their previous content. These domains have had their name servers updated to ns1.fbi.seized.gov and ns2.fbi.seized.gov, signaling their control by the authorities.
This operation was carried out following legal orders from both a German court and the United States District Court for the District of Utah. The orders were supported by the U.S. Attorney’s Office for the District of Utah and the Department of Justice’s Computer Crime and Intellectual Property Section (CCIPS).
Legal Framework and Previous Operations
The legal framework for this action included multiple sections of the United States Code, specifically Titles 18 and 21, addressing asset forfeiture and fraud involving access devices. This is not the first instance of such decisive action; earlier, the FBI had dismantled the Qakbot infrastructure, which was heavily involved in ransomware activities causing extensive financial damage.
LeakBase rose quickly to prominence as a leading cybercriminal marketplace, where stolen data such as user credentials, credit card numbers, IP addresses, and corporate data were frequently traded.
Impact on Users and Community
The seizure notice warns previous forum participants that all content, including user accounts, posts, credit details, private messages, and IP logs, has been secured for evidence. This underscores the significant risk of investigation that former users now face.
The operation was supported by a wide network of international law enforcement agencies, highlighting the extensive reach of LeakBase in the cybercrime ecosystem. The forum’s domains were initially registered in early 2026, with the last update coinciding with the seizure date, marking a substantial disruption to the platform.
Authorities are urging those involved with LeakBase to come forward, providing a dedicated email tip-line for communication. Any attempts to access or modify the seized site could lead to further criminal charges.
Stay informed about cybersecurity by following us on Google News, LinkedIn, and X. Reach out to feature your cybersecurity stories with us.
