Cybercrime forum Leak Zone publicly exposed its users’ IP addresses

A notorious online platform known for sharing breached databases and illicit software has inadvertently revealed the IP addresses of its users to the public internet. Researchers from UpGuard uncovered that Leak Zone, a forum for hackers and cybercriminals, had left an Elasticsearch database accessible without any password protection. The alarming discovery was made on July 18, when the researchers found that the exposed database contained over 22 million records, including the precise timestamps of user logins. Despite lacking direct identifiers, the data could potentially allow for the identification of users who accessed Leak Zone without utilizing anonymity tools. Some entries even indicated whether a user logged in through a proxy service, like a VPN, which typically serves to mask a user's actual location. Since its rise to prominence in 2020, Leak Zone has marketed itself as a hub for a plethora of leaked information, including stolen credentials for various online accounts. The forum claims to host a user base exceeding 109,000 individuals. According to UpGuard, a staggering 95% of the records in the compromised database pertained to user logins on Leak Zone, while the remaining information was linked to another website, AccountBot, which sells access to compromised accounts used for streaming services. TechCrunch confirmed the breach by creating a new account on Leak Zone, which immediately resulted in a record of the login, complete with the associated IP address and timestamp being captured in the exposed database. The reasons behind the database's unintentional exposure remain unclear, with human error or misconfiguration often being the culprits in such cases rather than malicious intent. Efforts to reach out to the administrators of Leak Zone for a comment were unsuccessful, as the forum's software blocked attempts to send messages. It remains uncertain whether the forum's operators are aware of the security breach or if they plan to inform their users. As reported by UpGuard, the compromised database is no longer accessible. This incident underscores a growing trend, as law enforcement agencies worldwide ramp up efforts to target cybercrime platforms that facilitate hacking and identity theft. Recently, Europol announced the arrest of the alleged administrator of XSS.is, a well-known Russian-language cybercrime forum, as part of a larger crackdown on such illegal activities.