Breach notification website LeakedSource allegedly raided

Forum post to a known marketplace says servers were subpoenaed

Michael Kan

LeakedSource, a breach notification service that exposed some of 2016’s largest data breaches, might be facing a permanent shutdown.

According to a forum post on a well-known marketplace, the owner of LeakedSource was raided earlier this week, although the exact details of any potential law enforcement action remain a mystery.

At the start of the new year, LeakedSource indexed more than 3 billion records. Their collection is the result of information sharing between a number of sources, including those who hacked the data themselves. Access to the full archive requires a membership fee.

Sometimes the data LeakedSource obtains is recent, but that isn’t always the case. There have been numerous instances where LeakedSource obtained records from a data breach long after the attack had taken place and the data was no longer useful to those who compromised it.

On the OGFlip forum Thursday, a user posted vague details about the LeakedSource raid, but Salted Hash has been unable to verify the claims.

The U.S. Department of Justice will not comment, refusing to confirm or deny any investigations related to LeakedSource. The operators of the notification service itself have been offline for several days, and the LeakedSource website stopped working late Tuesday evening.

The message from OGF reads as follows:

“Leakedsource is down forever and won't be coming back. Owner raided early this morning. Wasn't arrested, but all SSD's got taken, and Leakedsource servers got subpoena'd and placed under federal investigation. If somehow he recovers from this and launches LS again, then I'll be wrong. But I am not wrong. (sic)”

LeakedSource has been behind a number of high-profile stories, including the recent data breach at E-Sports Entertainment Association (ESEA) and the millions of gaming passwords that were exposed due to vBulletin vulnerabilities.

Moreover, the notification service also shined a spotlight on the Weebly data breach; the Sanrio database that exposed 3.3 million Hello Kitty fans; the data breach; the data breach; the FriendFinder Networks data breach; and the Dailymotion data breach.

LeakedSource also made headlines for archiving the data compromised during the LinkedIn, MySpace, Twitter, and data breaches.

The last time Salted Hash spoke to anyone at LeakedSource, the spokesperson said they were going to take a bit of a break. If the raid reports are true, their vacation might go on forever.

This story is developing and will be updated as events unfold.

H/T to Zack Whittaker at ZDNet for catching the OGF forum post.


Update:

Clarified the forum post context. Also, the original forum post cited above has been replaced with a new thread.

It's possible the entire thing was a hoax from the start (trolling the media is a game to some). Yet, as mentioned earlier, Salted Hash was not able to independently confirm the claims made on the forum.

However, the LeakedSource contacts are still unavailable via usual channels, and the website went offline earlier this week. So a raid sounds plausible, but that claim is coming from a person with no direct ties to LeakedSource.

Update 2:

Since this story broke, some additional questions have come up.

First, while the rumors surrounding the disappearance of LeakedSource continue to circulate, the one theory that keeps repeating is the ESEA hack.

On Twitter, the person behind the operation of an alternative breach notification service - going by the name Keen - said it was “significant that ESEA's database was not available anywhere else on the web, meaning [LeakedSource] bought it from the hacker.”

In an interview with Michael Kan, the US Correspondent for IDG News Service, Keen expanded on those remarks.

“They would always say things like ‘the data is publicly available.’ But most of the data was not publicly available. They were straight up buying it from hackers,” Keen said.

At this point, given that the LeakedSource website and its staff are still offline, there is no way to prove that the ESEA hack is the source of their problems.

The other question surrounds the source of the story.

Word of LeakedSource’s problems originated from a user on OGFlip, a forum where members discuss or trade in various types of data, including social media accounts and email addresses. It's possible the original post was made just to promote the forum, but that seems unlikely given the current status of LeakedSource and its staff.

There have also been questions related to LeakedSource itself.

Privacy experts have always taken issue with how LeakedSource operated, particularly when it came to paid access to compromised records.

LeakedSource is a notification service, but they’re for-profit. In order to get unrestricted access to more than 3 billion records, a fee is required. But the cost was low, so professionals used LeakedSource right alongside criminals.

Troy Hunt, the person responsible for the "Have I been pwned?" database, published his take on the LeakedSource situation on Friday. He hit on the ethics of the matter rather clearly, concluding that “the web just became a safer place by their absence.”

Copyright © 2017 IDG Communications, Inc.
