FBI and Europol Dismantle Major Cybercrime Forum LeakBase, Disrupting Network of 142,000 Users
An extensive international law enforcement operation has successfully dismantled LeakBase, a prominent online marketplace for stolen data that had become a significant hub for cybercriminal activities. The operation, which took place between March 3 and 4, targeted the platform’s infrastructure and several of its most active users. LeakBase had amassed over 142,000 registered users and hosted thousands of posts offering leaked databases and stolen credentials.
The crackdown was coordinated by Europol, marking a critical step in the ongoing global efforts to disrupt the underground economy that thrives on stolen personal and corporate data. Authorities have indicated that the dismantling of this cybercrime forum significantly disrupted a platform widely used by criminals to trade compromised information and facilitate further cyberattacks.
LeakBase: A Growing Marketplace for Stolen Credentials
Active since 2021, LeakBase operated openly on the web and primarily utilized English, which allowed it to attract a global community of cybercriminals. The forum specialized in trading leaked databases and “stealer logs,” which are collections of credentials captured by infostealer malware. These logs typically contain email addresses, passwords, and other authentication data that criminals exploit to access online accounts. Once obtained, this information can be used for account takeovers, fraud schemes, and further cyber intrusions.
Over time, LeakBase developed a structured system that contributed to its rapid growth. The forum employed a credit-based economy and reputation system, enabling users to build credibility within the community and gain access to more valuable data. This system helped maintain trust among offenders and kept the marketplace active.
Despite being an international platform, LeakBase reportedly enforced an internal rule that prohibited the sale or publication of data related to Russia, highlighting the unusual dynamics that sometimes exist within cybercrime networks.
By December 2025, the forum had accumulated more than 142,000 registered users, approximately 32,000 posts, and over 215,000 private messages, underscoring its role as a major player in the underground data-trading ecosystem.
Coordinated Global Action Against the Cybercrime Forum
The operation to dismantle LeakBase involved law enforcement authorities from multiple countries, including Australia, Belgium, Canada, Germany, Greece, Malaysia, the Netherlands, Poland, Portugal, Romania, Spain, the United Kingdom, and the United States. On March 3, authorities launched coordinated enforcement actions that included arrests, house searches, and “knock-and-talk” visits targeting individuals suspected of being heavily involved in the forum’s activities. Approximately 100 enforcement actions were conducted globally, focusing on 37 of the most active users of the platform.
The following day, authorities moved to the technical disruption phase of the operation. Investigators seized the forum’s domain and replaced the website with a law enforcement notice, effectively shutting down the platform and preventing further activity. Officials have stated that the investigation is now entering a prevention phase aimed at deterring others from engaging in similar cybercrime operations.
Europol’s Role in Tracking the Forum
Europol analysts played a pivotal role in the investigation by mapping the infrastructure of the LeakBase forum and analyzing user activity across the platform. Investigators cross-matched the forum’s data with ongoing cases across Europe and other regions, aiding in the identification of suspects and connecting digital evidence across multiple jurisdictions.
At Europol’s headquarters in The Hague, a dedicated operational data sprint brought together specialists to process the seized information quickly. A data scientist also supported the investigation by structuring millions of data points to generate actionable leads for law enforcement teams. The operation was conducted under the framework of the Joint Cybercrime Action Taskforce (J-CAT), which supports international cybercrime investigations.
Anonymity in Cybercrime Is Often an Illusion
Authorities have indicated that the investigation exposed how fragile anonymity can be within the cybercrime world. By seizing the forum’s database, investigators were able to identify and deanonymize several users who believed they were operating under complete anonymity. In some instances, investigators contacted suspects directly through the same online channels that had facilitated criminal activity.
Edvardas Šileris, Head of Europol’s European Cybercrime Centre, noted that the operation sends a clear signal to cybercriminals operating online. He stated that the operation demonstrates that no corner of the internet is beyond the reach of international law enforcement. What began as a shadowy forum for stolen data has now been dismantled, and those who believed they could hide behind anonymity are being identified and held accountable.
Stolen Data Rarely Disappears
Investigators warn that the shutdown of LeakBase highlights a broader reality about cybercrime. When organizations or individuals suffer a data breach, the stolen information often resurfaces on underground platforms where it can be reused for scams, phishing campaigns, or identity theft. While the dismantling of this cybercrime forum is a significant step, experts caution that similar marketplaces can quickly emerge to replace them.
For individuals, authorities emphasize the importance of basic cybersecurity hygiene, including using strong and unique passwords and enabling multi-factor authentication to reduce the risk of compromised accounts.
As reported by thecyberexpress.com.
Published on 2026-03-05 10:03:00 • By Staff Editor
