U.S. authorities, in collaboration with international partners, have seized the LeakBase database, a major online forum where cybercriminals bought and sold stolen data and hacking tools. The Department of Justice announced the operation, which involved law enforcement actions across 14 countries on March 3 and 4.
LeakBase reportedly had over 142,000 members and more than 215,000 messages exchanged between users. The forum was accessible on the open web in English and hosted a large collection of hacked databases from high-profile attacks. These included hundreds of millions of account credentials from both U.S. corporations and individuals. Users could sell stolen information such as credit card numbers, bank details, usernames with passwords, and other sensitive business or personal data.
The coordinated action led by Europol in The Hague resulted in the shutdown of LeakBase’s website and its two domains. Authorities posted seizure banners on the site, sent prevention messages to members, collected evidence, executed search warrants and arrests, and conducted interviews in several countries including Australia, Belgium, Poland, Portugal, Romania, Spain, the United Kingdom, and the United States.
Assistant Attorney General A. Tysen Duva stated: “The takedown of this cyber forum disrupts a major international platform that cybercriminals use to obtain and profit from the theft of sensitive personal, banking and account credentials. This operation illustrates the strength of the United States and our international partners working across the globe to dismantle a critical cybercriminal forum. The Criminal Division will continue to leverage our international relationships to protect victim personal and account information from falling into the hands of transnational criminal organizations.”
U.S. Attorney Melissa Holyoak for Utah commented: “This 14-country operation demonstrates the extraordinary cooperation with our international partners. Working with our partners, we can take down even the most sophisticated cyber criminals and networks. My office remains steadfast in our commitment to investigate and seek justice for Americans who are targeted by individuals attempting to hide behind foreign borders.”
Assistant Director Brett Leatherman of the FBI’s Cyber Division said: “The FBI, Europol, and law enforcement agencies from around the world executed a takedown of LeakBase… Together with our partners we are sending a message that no criminal is truly anonymous online… The FBI will continue to defend the homeland by dismantling key services that cybercriminals use to facilitate their attacks.”
Special Agent Robert Bohls added: “Hiding behind a screen does not shield cybercriminals from accountability… Together we will continue to identify, dismantle, and hold accountable those who seek to profit from cybercrime no matter where they operate.”
This action follows previous disruptions targeting RaidForums in 2022 and BreachForums in 2023; authorities also convicted BreachForums’ founder in 2025.
The FBI Salt Lake City Field Office led this investigation domestically with support from other field offices as well as state police departments.
Prosecutors involved include Senior Counsel Matthew A. Lamberti (Criminal Division’s Computer Crime & Intellectual Property Section) along with Assistant U.S. Attorneys Brent L. Andrus and Carl D. LeSueur for Utah.
Since 2020 CCIPS has secured convictions against over 180 individuals involved in cybercrime or intellectual property crime while obtaining court orders returning more than $350 million stolen from victims.
Anyone with information about LeakBase is encouraged to contact authorities at FBI-SU-Leakbase@fbi.gov.
