Operation Leak: Dismantling the LeakBase Cybercrime Forum
- Mar 5
Key Findings
- The Federal Bureau of Investigation (FBI) seized the LeakBase cybercrime forum (leakbase[.]la) as part of "Operation Leak", an international crackdown led by Europol.
- LeakBase was a key hub in the cybercrime ecosystem, specializing in trading leaked databases and "stealer logs" containing compromised credentials.
- The forum had over 142,000 registered users, approximately 32,000 posts, and more than 215,000 private messages as of December 2025.
- Law enforcement agencies carried out coordinated actions worldwide, including arrests, house searches, and about 100 interventions targeting 37 of the most active users of the LeakBase forum.
- Authorities seized the LeakBase database, allowing investigators to deanonymize multiple users who believed they operated anonymously.
- The operation highlights how stolen data from breaches often resurfaces on cybercrime forums and fuels scams, identity theft, account takeovers, and phishing.
Background
Active since 2021, LeakBase became a key hub in the cybercrime ecosystem, specializing in trading leaked databases and "stealer logs" containing credentials stolen by infostealer malware. Operating openly in English, the forum combined marketplace and discussion features, allowing cybercriminals to buy, sell, and exchange compromised data.
Coordinated International Effort
On March 3, law enforcement agencies carried out coordinated actions worldwide, including arrests, house searches, and about 100 interventions targeting 37 of the most active users of the LeakBase forum. The next day, law enforcement seized the platform's domain and replaced it with a law-enforcement notice, marking the start of the disruption phase.
Europol's Role
Europol supported the operation by mapping the forum's infrastructure and analyzing user activity, linking suspects, victims, and evidence across borders. Specialists at Europol's headquarters in The Hague examined seized data and generated investigative leads. The effort took place within the Joint Cybercrime Action Taskforce, while a Joint Command Post coordinated real-time intelligence sharing during the global action.
Deanonymization of Users
Authorities seized the LeakBase database, allowing investigators to deanonymize multiple users who believed they operated anonymously. Officers also contacted suspects through the same online channels used for criminal activity, sending a clear warning that anonymity online is limited.
Importance of Cybersecurity Measures
The operation also highlights how stolen data from breaches often resurfaces on cybercrime forums and fuels scams, identity theft, account takeovers, and phishing, underscoring the importance of strong passwords and multi-factor authentication.