One of the world’s largest online forums for stolen data has been taken down following a global law enforcement operation coordinated by Europol.
LeakBase was an English-language site operating on the surface web which facilitated an illegal trade in stolen data, including stealer logs – archives of stolen credentials harvested through infostealer malware.
By December 2025, it had more than 142,000 registered users, with around 32,000 posts and over 215,000 private messages sent by those users, Europol revealed.
Coordinated action on March 3 led to arrests, house searches and “knock-and-talk” interviews by police in the US, Australia, Belgium, Poland, Portugal, Romania, Spain, and the UK.
Europol claimed 37 of the most active users of the platforms were targeted by police, as well as dozens more.
A day later, the authorities moved to seize two LeakBase domains and replace the homepage with a law enforcement notice promoting “Operation Leak.”
Read more on leak sites: FBI and French Police Shutter BreachForums Domain Again.
As part of the operation, law enforcers seized the forum’s customer database. Europol has vowed to continue tracing and unmasking offenders that used the site.
“This operation shows that no corner of the internet is beyond the reach of international law enforcement. What began as a shadowy forum for stolen data has now been dismantled, and those who believed they could hide behind anonymity are being identified and held accountable,” said Edvardas Šileris, head of Europol’s European Cybercrime Centre.
“This is a clear message to cyber criminals everywhere: if you traffic in other people’s stolen information, law enforcement will find you and bring you to justice.”
The Latest in a Long Line of Takedowns
Operation Leak is the latest attempt to disrupt a flourishing trade in stolen data, driven by infostealer activity. A report from last year claimed that 1.8 billion credentials were stolen in the first half of 2025, an 800% increase compared to the previous six months.
Predecessors of LeakBase taken out by law enforcement included RaidForums in 2022, and BreachForums a year later.
However, the FBI and French police were forced to take action again in 2025 to shutter another BreachForums domain – highlighting the “whack-a-mole” game being played by site administrators and law enforcement.
In related news, a global operation led by Microsoft and Europol recently resulted in disruption to the notorious Tycoon2FA phishing-as-a-service site.
Tycoon2FA enabled threat actors using it to bypass multi-factor authentication (MFA). It was responsible for tens of millions of phishing messages reaching over 500,000 organizations each month worldwide.
