LeakBase Data Breach Forum Seized in Major Europol Operation

Global Law Enforcement Shuts Down Major Data Marketplace

A sprawling online bazaar for stolen personal information has been erased from the web. In a coordinated international strike, law enforcement agencies led by Europol seized the domains of LeakBase, one of the world’s largest public forums for trading hacked data.

The site operated openly on the surface web, not the dark web, acting as a bustling marketplace. Its primary commodity was ‘stealer logs’—vast archives of usernames, passwords, and other credentials siphoned from victims’ computers by infostealer malware.

By the time of its takedown, the forum had grown to a massive community. Europol’s investigation revealed over 142,000 registered users, who had exchanged more than 215,000 private messages. The platform facilitated thousands of illegal transactions.

Operation Leak: Arrests, Searches, and a Clear Message

The action, codenamed ‘Operation Leak,’ culminated on March 3. Police across eight countries—including the US, UK, Australia, and several European nations—executed arrests, conducted house searches, and held interviews with suspects.

Authorities specifically targeted the platform’s most active members. Europol confirmed that 37 high-profile users were in their crosshairs, with dozens more under investigation. A day later, the final blow landed: the seizure of LeakBase’s domains.

Visitors to the site now find a law enforcement banner in its place. Crucially, investigators also captured the forum’s entire customer database, a treasure trove of evidence for identifying users who believed they were anonymous.

“This operation shows that no corner of the internet is beyond the reach of international law enforcement,” stated Edvardas Šileris, head of Europol’s European Cybercrime Centre. “What began as a shadowy forum for stolen data has now been dismantled.”

The message to cybercriminals was unequivocal. Trafficking in stolen information will lead to consequences. The anonymity of these platforms is an illusion.

The Endless Game of Whack-a-Mole

The takedown of LeakBase is the latest chapter in an ongoing battle against data trading forums. Its predecessors, like RaidForums and BreachForums, met similar fates in recent years.

Yet the problem persists, driven by an explosion in infostealer malware. One report indicated a staggering 800% increase in stolen credentials in the first half of 2025 compared to the previous six months, totaling 1.8 billion records.

This creates a ‘whack-a-mole’ dynamic. As soon as one forum is shuttered, another often pops up. The FBI and French police, for instance, had to shutter a new BreachForums domain again in 2025, just a year after its initial takedown.

The fight is expanding on multiple fronts. In a related move, a separate operation involving Microsoft and Europol recently disrupted ‘Tycoon2FA,’ a phishing-as-a-service site that helped criminals bypass multi-factor authentication (MFA) protections.

While each victory is significant, the sheer volume of stolen data and the profitability of the trade ensure that law enforcement’s work is never done. Operations like this one, however, prove that the moles can be hit hard.