Major Data Leak Forum Dismantled In Global Action Against Cybercrime Forum
Credit: Europol
March 5, 2026
By Eurasia Review
A major online forum for stolen data has been dismantled following an international operation coordinated by Europol.
The forum, known as LeakBase, had established itself as a central hub in the cybercrime ecosystem, specialising in the trade of leaked databases and so-called “stealer logs” – archives of stolen credentials harvested through infostealer malware. Accessible on the open web and operating in English, the platform combined elements of a forum and discussion board, enabling cybercriminals to buy, sell and exchange compromised data.
Between 3 and 4 March, coordinated actions across multiple jurisdictions severely disrupted the forum’s operations and targeted its most active users.
A hub for stolen credentials
Active since 2021, LeakBase maintained a vast and continuously updated archive of breached databases, ranging from historical leaks to newly compromised data. The forum featured large volumes of credential pairs – including email and password combinations – and other access credentials used to facilitate account takeover, fraud and further cyber intrusions.
A credit-based economy and reputation-driven user system helped build trust among offenders and sustain a thriving underground forum. One of the forum’s notable internal rules prohibited the sale or publication of any data related to Russia.
By December 2025, LeakBase counted more than 142 000 registered users, approximately 32 000 posts and over 215 000 private messages, underlining its scale and global reach.
Global operational phase
On 3 March, law enforcement authorities carried out coordinated enforcement actions across multiple jurisdictions, including arrests, house searches and “knock-and-talk” interventions. Around 100 enforcement actions were conducted worldwide, including measures against 37 of the most active users of the platforms.
On 4 March, authorities moved to the technical disruption phase, seizing the forum’s domain and replacing it with a law enforcement splash page.
The operation now enters a prevention phase aimed at deterring further criminal activity and raising awareness of the consequences of engaging in cybercrime.
Europol’s support
Europol’s analysts mapped the forum’s infrastructure and user activity, cross-matching data with ongoing investigations across Europe and beyond. Sensitive information was exchanged securely via Europol, enabling investigators to connect suspects, victims and digital evidence across borders.
An operational data sprint at Europol’s headquarters in The Hague brought together specialists to rapidly analyse seized data and identify high-value targets. A dedicated data scientist supported the case, extracting and structuring millions of data points to generate actionable leads.
The partners have been working closely together within the framework of the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol to prepare for the final phase of the investigation.
On the action day, Europol set up and coordinated a Joint Command Post, allowing participating countries to share live updates and intelligence in real time as enforcement measures unfolded worldwide.
Eurasia Review
Eurasia Review is an independent Journal that provides a venue for analysts and experts to publish content on a wide-range of subjects that are often overlooked or under-represented by Western dominated media.
No comments:
Post a Comment