In a significant display of operational irony, a cybercrime forum known as Leak Zone has inadvertently exposed the IP addresses of its own user base. The platform, a marketplace for stolen databases, cracked accounts, and other illegal services, failed to secure a critical database, leaving it open to the public internet.
The Cyber Security Posture Management firm UpGuard discovered the breach, which stemmed from an unsecured Elasticsearch database containing over 22 million records. This data, which was updating in real time, included the IP addresses and precise login timestamps of the forum's members. While the data wasn't directly tied to usernames, it could provide a clear path for law enforcement or researchers to de-anonymise any of the forum's 109,000 claimed users who logged in without a VPN or other proxy service.
TechCrunch independently verified the leak by creating an account and observing their own IP address and login details appear in the exposed database almost instantly. The incident is particularly notable as it compromises the anonymity of individuals engaged in criminal activity, turning the forum's own purpose—leaking others' data—against its members.
Although the database has since been taken offline, it is unclear if Leak Zone's administrators are aware of the lapse or have any intention of notifying their users. This security failure occurs as global authorities intensify their crackdown on cybercrime platforms, such as the recent seizure of the Russian-language forum XSS.is.
