Security Experts:

Connect with us

Hi, what are you looking for?



Law Enforcement Raid Blamed For LeakedSource Shutdown

The controversial data breach notification service LeakedSource has been down for nearly 24 hours and it is rumored that the website has gone offline following a law enforcement raid.

The controversial data breach notification service LeakedSource has been down for nearly 24 hours and it is rumored that the website has gone offline following a law enforcement raid.

LeakedSource is the service that disclosed many of the mega breaches that came to light in 2016, including the ones affecting FriendFinder Networks, VerticalScope,, LinkedIn, DailyMotion and Rambler. These leaks have led to 2016 being a record year for data breaches, with a total of more than 4.2 billion records exposed.

The operators of LeakedSource have not been active on Twitter since January 10 and users have complained on several occasions about the website being down. The service is now once again offline, but this time some people believe it will not be returning.

A message (cached) posted on Thursday by a user on a hacking forum claimed “LeakedSource is down forever and won’t be coming back.”

“Owner raided early this morning. Wasn’t arrested, but all SSD’s got taken, and Leakedsource servers got subpoena’d and placed under federal investigation. If somehow he recovers from this and launches LS again, then I’ll be wrong. But I am not wrong,” the user said.

While this statement has led some to believe that the owner of LeakedSource has been targeted by law enforcement in the United States, the company claimed in the past that it was based outside the U.S.

Users have complained on several hacker forums that they had just purchased a subscription on LeakedSource. Others have already started advertising alternative services.

SecurityWeek has reached out to LeakedSource representatives and will update this article if they respond.

Some members of the industry said they would not be surprised if the reports of a raid turn out to be true. Troy Hunt, the Australian security expert who runs the breach notification service Have I Been Pwned, pointed out that, unlike the website he operates, LeakedSource has often been used for malicious purposes.

LeakedSource stored a lot of sensitive information – its databases allegedly held 3.1 billion accounts – and users who paid for a subscription were given access to data such as usernames, passwords (hashed and clear text), email addresses, and IP addresses.

Hunt noted that while LeakedSource had been operating from behind CloudFlare, its real IP address could have been easily obtained by law enforcement using freely available services such as CrimeFlare.

“By late 2016, it was becoming apparent that their actions were erring very much on the black side of grey. There was a constant flow of data that wasn’t appearing anywhere else in the usual trading circles before first coming to air via their service,” Hunt said in a blog post.

“Speculation was rife that there was incentivisation occurring not just to provide data that had already been obtained, but to actively seek out new targets that could subsequently be added to the feed of data then monetised by selling the personal information of the victims to whomever was willing to pay for it. This was always rumoured amongst those ‘in the scene’, but it’s not yet clear whether this contributed to the take down or if it was solely due to the services directly provided on the site,” he added.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.