Cybercrime forum Leak Zone leaked users’ IP addresses publicly, exposing identities and sparking privacy and security concerns.
Security researchers have discovered that a forum that advertises and shares breached databases, stolen credentials, and pirated software, which is self-titled “leaking and cracking,” was leaking the IP addresses of its logged-in users to the open web.
According to researchers at UpGuard, an Elasticsearch database was disclosed to the internet without a password by Leak Zone.
The researchers disclosed that they uncovered the database on July 18 and discovered that its data was accessible to anyone with a web browser in a blog post shared with TechCrunch before its publication.
The exposed database contained over 22 million records containing the IP address and precise timestamp of the last login for Leak Zone users. The database was updating in real-time, and the recordings were dated as recently as June 25.
The data could be employed to identify users who logged into Leak Zone without using anonymization tools, even though the records were not linked to individual users.
TechCrunch’s records suggest that a user is suspected of having logged in through a proxy, such as a VPN, which can help conceal the user’s real-world location.
The website Leak Zone, which garnered popularity in 2020, advertises access to a “vast collection of leaks ranging from breached databases to cracked accounts,” which refers to stolen credentials for logging into a person’s online accounts.
The site’s guidance also specifies that the forum provides a marketplace that explicitly endorses “illegal services.” According to a document on Leak Zone’s website, the forum is purported to have over 109,000 users.
According to UpGuard, 95% of the documents in the exposed database are associated with Leak Zone user logins. The remaining data pertains to accounts that are linked to AccountBot, an additional website that facilitates the sale of access to compromised accounts for streaming services.
TechCrunch confirmed that the exposed database documented users’ logins to Leak Zone by creating a new account and logging in to the site. The exposed database immediately contains a corresponding record that includes our IP address and the precise time of our login.
The reason for the database’s public disclosure remains unknown. Data exposures are frequently the result of human error or misconfigurations, rather than malicious actions.
TechCrunch could not reach the Leak Zone administrators for comment due to the forum software’s refusal to allow us to send them messages. It is unclear whether the Leak Zone administrators are cognizant of the exposure or intend to inform their users about the security breach.
The database is no longer accessible, according to UpGuard, as reported by TechCrunch.
In the past few years, there has been a growing emphasis on the role of cybercrime forums and websites in facilitating hacking, identity theft, and other illicit activities by U.S. and international authorities.
Europol announced this week that it had apprehended the purported administrator of XSS.is, a Russian-language cybercrime forum that has been operational for an extended period. The authorities also confiscated the forum as part of a disruption operation.
