FBI and Europol Disrupt LeakBase Forum, Shut Down Stolen Credentials Marketplace
Law Enforcement Agencies Dismantle LeakBase Forum for Stolen Credentials
A joint operation by the FBI and Europol has resulted in the takedown of LeakBase, a prominent online forum used by cybercriminals to buy and sell stolen data and cybercrime tools.
Background of LeakBase
LeakBase, which had over 142,000 members and more than 215,000 messages as of December 2025, is no longer accessible, and its content has been secured for evidentiary purposes.
LeakBase, which was available in English and accessible over the clearnet, offered hacked databases containing hundreds of millions of account credentials and financial information, including credit and debit card numbers, banking account and routing information, usernames, and associated passwords.
Operation and Takedown
The takedown, codenamed Operation Leak, was conducted on March 3 and 4, 2026, and involved the execution of search warrants, arrests, and interviews in the U.S., Australia, Belgium, Poland, Portugal, Romania, Spain, and the U.K.
Around 100 enforcement actions were conducted worldwide, including measures against 37 of the most active users of the platform.
Impact of the Takedown
The seizure of LeakBase is a significant blow to cybercriminals who rely on the forum to buy and sell stolen data and cybercrime tools.
The operation highlights the importance of international cooperation in combating cybercrime and protecting sensitive information.
Europol’s Involvement
Europol noted that LeakBase specialized in the sale of stealer logs, which contain archives of credentials harvested through infostealer malware.
This information can be used to conduct account takeover, fraud, and other cyber intrusions.
The agency’s involvement in the operation demonstrates its commitment to disrupting cybercrime operations and protecting individuals and organizations from cyber threats.
About Author
English