An international operation coordinated by Europol has dismantled LeakBase, an online forum used to trade stolen data.
LeakBase was accessible on the open web and operated in English, combining a forum and discussion board where users could buy, sell and exchange compromised information, Europol informed on Wednesday.
The site specialised in leaked databases and “stealer logs” — collections of stolen usernames and passwords gathered using “infostealer” malware, which covertly extracts data from infected devices.
LeakBase had been active since 2021 and hosted large volumes of email-and-password pairs and other access details linked to account takeovers, fraud and further cyber attacks.
By December 2025, the platform had more than 142,000 registered users, about 32,000 posts and over 215,000 private messages.
Arrests, searches and domain seizure
Coordinated actions took place between 3 and 4 March, with law enforcement agencies carrying out arrests, house searches and “knock-and-talk” visits — where officers approach suspects to gather information — across multiple jurisdictions, Europol said.
Around 100 enforcement actions were conducted worldwide, including measures against 37 of the platform’s most active users.
On 4 March, authorities seized LeakBase’s domain and replaced it with a law enforcement notice page.
Investigators also seized the forum’s database, which Europol said enabled the identification of some users who believed they were anonymous.
Authorities involved in the investigation included agencies from the UK, the US, Canada, Australia and a range of European countries, as well as Malaysia.
