Feds Raid Breach Notification Site – Should Hackers Be Worried?
LeakedSource gained popularity last year for providing access to some of the biggest data breaches of the internet history. The site helped break the news of massive data breaches, including Twitter, Weebly, AdultFriendFinder, and several other sites. But, it looks like the breach notification site has been raided by law enforcement.
LeakedSource is probably dead... forever
When sites get breached LeakedSource aggregates that data, allowing anyone to confirm and then check if they have been a victim of that breach - much like HaveIBeenPwned. However, while HIBP doesn't store passwords, LeakedSource offers all the hacked information. The site has drawn criticism as critics warned that this kind of service that offers assistance to victims also provides hackers easier access to the data, who can then use these credentials for further attacks.
The site offers anyone access to their database for $2 a day, or $265 a year. While useful in some cases, it did provide easier access to criminal threat groups.
But, it looks like the days of LeakedSource are now over. The site is currently showing the following message: "The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."
However, folks at ZDNet reported that a note (now taken down) posted on a virtual markets forum told a different story. It reads:
Yeah you heard it here first. Sorry for all you kids who don't have all your own Databases. Leakedsource is down forever and won't be coming back. Owner raided early this morning. Wasn't arrested, but all SSD's got taken, and Leakedsource servers got subpoena'd and placed under federal investigation. If somehow he recovers from this and launches LS again, then I'll be wrong. But I am not wrong. Also, this is not a troll thread.
While it's been over a day since the first news of LeakedSource raid appeared online, there is still no confirmation or any more details on the matter. It appears that an unspecified law enforcement agency raided the site and confiscated the disks. However, it’s still not 100 percent clear what exactly happened to LeakedSource. Since no one knows the people behind the website, the reports of a police raid can't be confirmed either.
There is now a possibility that the law enforcement agency could use LeakedSource's subscription data to possibly track down criminal hacking groups. "All the people who used PayPal, credit card, etc. to buy membership, the FBI now have your email, payment details and lookup history,” one user wrote.
Whatever may have happened to LeakedSource - and could happen to its subscribers - more sites like LeakedSource will now become a new hub for hackers and others. However, its closure will hopefully provoke a much-needed discussion around the ethics of breach disclosures and policies that could enforce the operators of similar websites not to disclose user passwords.