Europol and U.S. forces seize LeakBase, shutter forum used to trade stolen credentials

Europol and U.S. law enforcement executed a coordinated international operation called Operation Leak on March 3 and 4 that dismantled LeakBase, a prolific online forum used to trade stolen databases and so‑called stealer logs. Authorities seized the forum's infrastructure and two associated domains, including leakbase[.]la, which now displays an FBI seizure banner. The U.S. Department of Justice says the platform had more than 142,000 registered members and that agents collected users' accounts, posts, credit details, private messages and IP logs for evidentiary use.

The operation, hosted by Europol's European Cybercrime Centre in The Hague, involved law enforcement in 14 countries and about 100 enforcement actions worldwide. Investigators carried out search warrants, interviews and arrests in multiple jurisdictions and took measures against 37 of the forum's most active users. The United States, Australia, Poland, Romania, Belgium, Spain, Portugal and the United Kingdom were among the countries where actions occurred. Authorities said analysts are still examining seized material and further arrests may follow.

Officials framed the takedown as a disruption of a critical supply chain for online fraud. "The takedown of this cyber forum disrupts a major international platform that cybercriminals use to obtain and profit from the theft of sensitive personal, banking and account credentials," said Assistant Attorney General A. Tysen Duva of the Justice Department's Criminal Division. Assistant Director Brett Leatherman of the FBI's Cyber Division added, "The FBI, Europol, and law enforcement agencies from around the world executed a takedown of LeakBase, one of the largest online cybercriminal platforms, seizing users' accounts, posts, credit details, private messages, and IP logs for evidentiary purposes. Together with our partners, we are sending a message that no criminal is truly anonymous online and removing an easy point of access to stolen information on American businesses and individuals. The FBI will continue to defend the homeland by dismantling the key services that cybercriminals use to facilitate their attacks."

Europol cautioned that LeakBase specialized in selling stealer logs, archives of credentials harvested by infostealer malware that can be weaponized for account takeover, fraud and other intrusions. "This operation shows that no corner of the internet is beyond the reach of international law enforcement," said Edvardas Šileris, head of Europol's EC3. At a local level the message was stark: "hiding behind a screen does not shield cybercriminals from accountability," said FBI Special Agent in Charge Robert Bohls.

For communities and institutions, the takedown is only a first step. Security experts note that databases and credentials already traded publicly or copied before the seizure can continue to be exploited. The stolen datasets on LeakBase reportedly included financial and account information that could compound harms for already vulnerable people who rely on digital access to banking, benefits and health services. Victims of credential theft often face months of recovery, and community organizations that serve low‑income and marginalized populations may see disproportionate impacts as fraud forces account closures and credit damage.

Authorities reported they posted prevention messages to LeakBase members and will use seized material to pursue prosecutions, but they have not disclosed detailed charging documents or the identities of those arrested. Investigators urged individuals and institutions to monitor accounts and report suspected fraud to law enforcement and financial institutions. With analysis ongoing, officials said the operation may yield further arrests and additional disclosures in coming weeks.