Cybercrime forum Leak Zone publicly exposed its users’ IP addresses

A major security lapse has exposed the IP addresses of users on Leak Zone, a prominent cybercrime forum known for trading breached databases and stolen credentials. Security researchers at UpGuard discovered an Elasticsearch database openly accessible on the internet without any password protection, revealing sensitive login data for its users.

The discovery, made on July 18, unveiled a staggering 22 million records containing the IP addresses and precise login timestamps of Leak Zone members. The data, dating as recently as June 25, was being updated in real time, painting a detailed picture of user activity on the self-styled “leaking and cracking forum.”

While the records did not directly link to individual user identities, the exposed information could be used to unmask individuals who accessed Leak Zone without employing anonymization tools. Researchers noted that some records even indicated whether a user logged in via a proxy or a Virtual Private Network (VPN), offering clues to their attempts at concealment.

Leak Zone, which has gained considerable traction since 2020, advertises a vast collection of compromised data, ranging from stolen accounts for streaming services to pirated software. The platform brazenly features a marketplace that explicitly promotes and facilitates “illegal services,” boasting a user base of over 109,000 members.

According to UpGuard, the exposed database predominantly contained login records for Leak Zone users, accounting for 95% of the data. The remaining 5% pertained to accounts associated with AccountBot, another platform involved in the trade of compromised accounts.

TechCrunch independently verified the exposure by creating a new Leak Zone account and logging in, then observing its IP address and login timestamp appear immediately in the publicly accessible database.

The cause of this significant data exposure remains unconfirmed, though such incidents are frequently attributed to human error or misconfigurations rather than deliberate malicious acts. Efforts to contact Leak Zone administrators for comment were unsuccessful, leaving it unclear whether they are aware of the breach or if affected users will be notified.

Fortunately, UpGuard has confirmed that the database is no longer online, mitigating further immediate risk from this specific exposure.

This incident underscores the inherent risks within the cybercrime underworld, even for those operating within it. In recent years, global law enforcement agencies have intensified their efforts to disrupt and dismantle cybercrime forums. Notably, Europol recently announced the arrest of the alleged administrator of XSS.is, a prominent Russian-language cybercrime forum, as part of a major takedown operation, signaling a growing crackdown on such illicit online activities.


© 2025 Proaitools. All rights reserved.