LeakBase, an online service that provided paid access to leaked credentials, was shut down over the weekend, what has happened?

LeakBase, an online service that provided paid access to leaked credentials, was shut down over the weekend and started redirecting to the data breach notification website HaveIBeenPwned.

We understand many of you may have lost some time, so in an effort to offer compensation please email, refund@leakbase.pw

Send your LeakBase username and how much time you had left.

We will have a high influx of emails so be patient, this could take a while — LeakBase (@LeakbasePW) December 3, 2017

The service started selling membership access in September 2016, claiming to provide access to two billion credentials resulting from major data leaks. In January 2017, after launching the paid breach notification service, the LeakedSource went dark, apparently because it was raided by feds. The popular investigator Brian Krebs associated the shutdown of the LeakBase service with the seizure of the Hansa black marketplace occurred in July, Krebs cited a source close to the matter. “A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the Hansa dark web market earlier this year.” wrote Krebs.

Leakbase reportedly came under new ownership in April 2017, after it was hacked. According to the anonymous source cited by Krebs, the new owners of Leakbase dabbled in dealing illicit drugs at Hansa dark web marketplace.

“The Dutch police had secretly seized Hansa and operated it for a time in order to gather more information about and ultimately arrest many of Hansa’s top drug sellers and buyers. ” continues Krebs.

“According to my source, information the Dutch cops gleaned from their Hansa takeover led authorities to identify and apprehend one of the owners of Leakbase. This information could not be confirmed, and the Dutch police have not yet responded to requests for comment.”

Leakbase denied the accusation in this tweet:

The fact that we need to tweet this is disappointing in its self, non of the LeakBase operators have any connections to Hansa.

The fact that this can be portrayed as near fact is astonishing as it is only a claim. — LeakBase (@LeakbasePW) December 4, 2017

Regardless of whether a connection to Hansa exists, the ownership of these services could prove that their commercial activity aimed to help potential victims of data breaches and not to facilitating further crimes.

Pierluigi Paganini

(Security Affairs – Leakbase, Hansa)

Share this...

Linkedin Reddit Pinterest

Share On