A joint law enforcement operation has dismantled LeakBase, one of the world’s largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools.
The LeakBase forum, per the U.S. Department of Justice (DoJ), had over 142,000 members and more than 215,000 messages between members as of December 2025. Those attempting to access the forum’s website (“leakbase[.]la“) are now greeted with a seizure banner that says it was confiscated by the U.S. Federal Bureau of Investigation (FBI) as part of an international law enforcement effort.
“All forum content, including users’ accounts, posts, credit details, private messages, and IP logs, has been secured and preserved for evidentiary purposes,” the banner reads.
Available in English and accessible over the clearnet, LeakBase offered hacked databases, including hundreds of millions of account credentials and financial information such as credit and debit card numbers, banking account and routing information, usernames, and associated passwords that could be abused to facilitate account takeovers.
According to a report published by Flare in April 2023, LeakBase explicitly prohibited users from peddling or publishing Russian databases, likely in an attempt to avoid scrutiny. The forum has been active since 2021.
LeakBase is one of the aliases for Chucky, who also goes by the monikers Chuckies and Sqlrip across various underground forums. Per SOCRadar, the threat actor has a track record of sharing vast collections of databases, often containing sensitive information from global entities.
What’s more, SpyCloud revealed early last month that the forum had been down for a few days and that Chucky was looking for a new hosting provider. Some of the other known administrators and moderators of LeakBase include BloodyMery, OrderCheck, and TSR.
As part of the disruption exercise codenamed Operation Leak that took place on March 3 and 4, 2026, authorities executed search warrants, made arrests, and conducted interviews in the U.S., Australia, Belgium, Poland, Portugal, Romania, Spain, and the U.K.
In a coordinated announcement, Europol said LeakBase specialized in the sale of stealer logs, which contain archives of credentials harvested through infostealer malware. The information could be weaponized to conduct account takeover, fraud, and other cyber intrusions.
The agency said around 100 enforcement actions were conducted across the world, including taking unspecified measures against 37 of the most active users of the platforms.
“The FBI, Europol, and law enforcement agencies from around the world executed a takedown of LeakBase, one of the largest online cybercriminal platforms, seizing users’ accounts, posts, credit details, private messages, and IP logs for evidentiary purposes,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
The Hacker News
