What is Leak Zone and what type of activities occur on the forum?

Leak Zone is a self-described 'leaking and cracking forum' where users trade stolen data and breached credentials. The forum supports illegal activities related to cybercrime, including the exchange of compromised information and unauthorized access credentials.

What security lapse affected the Leak Zone cybercrime forum?

Leak Zone experienced an ironic security breach that exposed the IP addresses and login timestamps of its own users through an unsecured database. An Elasticsearch database connected to the forum was left openly accessible to the internet without any password protection or access controls.

Who discovered the exposed database and how much data was involved?

Cybersecurity researchers at UpGuard discovered the exposed database. The database contained over 22 million login records, representing login sessions rather than unique individuals. According to Leak Zone's own claims, the forum has more than 109,000 registered users.

What specific user information was exposed in the database?

The exposed data includes IP addresses of forum users, precise login timestamps, proxy usage indicators showing whether users accessed the site through VPNs or other anonymization tools, and real-time user activity patterns. This information could potentially be used to identify users who accessed the forum without proper anonymization protections.

What are the potential implications for law enforcement?

The exposed information could potentially be used by law enforcement agencies to identify cybercriminals who accessed the forum without proper anonymization protections. The database captured precise timestamps and IP addresses, along with indicators of whether users were using VPNs or proxies, providing valuable investigative data.

Is the exposed database still accessible to the public?

No, UpGuard confirmed that the exposed database is no longer accessible online, indicating that the security issue appears to have been fixed. However, it's unclear whether this was due to the operators becoming aware of the exposure or other factors.

What does this incident reveal about cybercriminal operational security?

This incident highlights the ironic situation where a forum dedicated to trading stolen data and breached credentials suffered from poor operational security practices themselves. The exposure demonstrates that even cybercriminals can make basic security mistakes, such as leaving databases unprotected, which can potentially compromise the anonymity and security of their own users.

Incident

Cybercrime forum Leak Zone leaks 22 Million user login records

Q: Did the exposed data include information from other cybercrime sites?

Yes, UpGuard researchers verified that 95% of the exposed records related to Leak Zone user logins, while the remaining 5% referenced accounts associated with AccountBot, another cybercrime site focused on selling access to compromised streaming service accounts.

published: July 24, 2025

Take action: Hackers are no better in securing their infrastructure than their victims. But that doesn't mean we shouldn't work to be better.

Learn More

A cybercrime forum that supports illegal activities has an ironic security lapse that exposed the IP addresses and login timestamps of its own users through an unsecured database.

Leak Zone, a self-described "leaking and cracking forum" where users trade stolen data and breached credentials, left critical user information accessible to anyone. Cybersecurity researchers at UpGuard, found an Elasticsearch database connected to Leak Zone that had been left openly accessible to the internet without any password protection or access controls.

Exposed data includes:

IP addresses of forum users
Precise login timestamps
Proxy usage indicators (whether users accessed the site through VPNs or other anonymization tools)
Real-time user activity patterns

The exposed database contained over 22 million login records. These records represent login sessions rather than unique individuals. According to Leak Zone's own claims, the forum has more than 109,000 registered users. UpGuard researchers verified that 95% of the exposed records related to Leak Zone user logins, and the remaining 5% referenced accounts associated with AccountBot, another cybercrime site focused on selling access to compromised streaming service accounts.

The exposed database captured precise timestamps of when users accessed the illegal forum, along with their IP addresses and indicators of whether they were using anonymization tools like VPNs or proxies. This information could be used by law enforcement agencies to identify cybercriminals who accessed the forum without proper anonymization protections.

TechCrunch journalists verified the accuracy of the exposed data by creating a test account on Leak Zone and logging into the forum. Their IP address and the exact timestamp of their login immediately appeared in the exposed database, confirming that the system was capturing and storing user activity data in real-time.

Researchers attempted to contact Leak Zone administrators to notify them of the security exposure but were unable to send messages due to forum software restrictions that blocked communications with administrators. It's unclear whether the forum operators are aware of the data exposure or whether they have notified their users about the security lapse.

UpGuard confirmed that the exposed database is no longer accessible online, so it seems the security issue has been fixed.

Cybercrime forum Leak Zone leaks 22 Million user login records

Read More
Cisco reports data breach after voice Phishing attack …
Cloudflare outage brings down major websites Including Twitter, …
Intel Broker hacker claims breach of Nokia internal …
Vercel Discloses Internal System Breach Following Third-Party OAuth …
Unicoin reports compromise of their G-Suite account