Cybercrime forum Leak Zone publicly exposed its users’ IP addresses

A self-styled “leaking and cracking forum” where users share breached databases, stolen credentials, and pirated software was found exposing the IP addresses of its logged-in users to the open web, according to security researchers.

Leak Zone left an Elasticsearch database accessible to the internet without a password, as discovered by researchers at UpGuard. The database, found on July 18, contained data that could be viewed by anyone with a web browser. It stored over 22 million records, including the IP addresses and precise timestamps of user logins, with entries as recent as June 25. The database was updating in real time, making the exposure particularly concerning.

While the records did not directly link to individual usernames, the data could still identify users who accessed Leak Zone without anonymization tools like VPNs or proxies. Some records indicated whether a user logged in through such services, which help mask real-world locations.

Leak Zone, which rose to prominence in 2020, markets itself as a hub for a “vast collection of leaks,” including breached databases and cracked accounts. The forum also hosts a marketplace promoting illegal services, according to its own guide, and claims to have over 109,000 users.

UpGuard’s analysis revealed that 95% of the exposed records pertained to Leak Zone logins, while the remaining data involved accounts linked to AccountBot, another site selling compromised streaming service credentials.

TechCrunch confirmed the exposure by creating a new account on Leak Zone and logging in. A corresponding record promptly appeared in the database, containing the test IP address and exact login time.

The reason for the database’s public exposure remains unclear, though human error or misconfigurations are common causes of such incidents. Attempts to contact Leak Zone administrators were unsuccessful, as the forum blocked messages. It is unknown whether the administrators are aware of the breach or plan to inform users.

UpGuard confirmed the database is no longer accessible.

In recent years, authorities worldwide have intensified efforts to dismantle cybercrime forums involved in hacking, identity theft, and other illegal activities. This week, Europol announced the arrest of the alleged administrator behind XSS.is, a long-running Russian-language cybercrime forum, as part of a broader takedown operation.