FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials  Ravie Lakshmanan  Mar 05, 2026 Malware / Dark Web A joint law enforcement operation has dismantled LeakBase , one of the world's largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of Justice (DoJ), had over 142,000 members and more than 215,000 messages between members as of December 2025. Those attempting to access the forum's website (" leakbase[.]la ") are now greeted with a seizure banner that says it was confiscated by the U.S. Federal Bureau of Investigation (FBI) as part of an international law enforcement effort. "All forum content, including users' accounts, posts, credit details, private messages, and IP logs, has been secured and preserved for evidentiary purposes," the banner reads. Available in English and accessible over the clearnet, LeakBase offered hacked databases , including hundreds of millions of account credentials and financial information such as credit and debit card numbers, banking account and routing information, usernames, and associated passwords that could be abused to facilitate account takeovers. According to a report published by Flare in April 2023, LeakBase explicitly prohibited users from peddling or publishing Russian databases, likely in an attempt to avoid scrutiny. The forum has been active since 2021. LeakBase is one of the aliases for Chucky, who also goes by the monikers Chuckies and Sqlrip across various underground forums. Per SOCRadar , the threat actor has a track record of sharing vast collections of databases, often containing sensitive information from global entities. What's more, SpyCloud revealed early last month that the forum had been down for a few days and that Chucky was looking for a new hosting provider. Some of the other known administrators and moderators of LeakBase include BloodyMery, OrderCheck, and TSR . As part of the disruption exercise codenamed Operation Leak that took place on March 3 and 4, 2026, authorities executed search warrants, made arrests, and conducted interviews in the U.S., Australia, Belgium, Poland, Portugal, Romania, Spain, and the U.K. In a coordinated announcement, Europol said LeakBase specialized in the sale of stealer logs, which contain archives of credentials harvested through infostealer malware. The information could be weaponized to conduct account takeover, fraud, and other cyber intrusions. The agency said around 100 enforcement actions were conducted across the world, including taking unspecified measures against 37 of the most active users of the platforms. "The FBI, Europol, and law enforcement agencies from around the world executed a takedown of LeakBase, one of the largest online cybercriminal platforms, seizing users’ accounts, posts, credit details, private messages, and IP logs for evidentiary purposes," said Assistant Director Brett Leatherman of the FBI's Cyber Division. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post. SHARE      Tweet  Share  Share  Share   Share on Facebook  Share on Twitter  Share on Linkedin  Share on Reddit  Share on Hacker News  Share on Email  Share on WhatsApp Share on Facebook Messenger  Share on Telegram SHARE  Cybercrime , cybersecurity , dark web , data breach , Europol , FBI , Financial Fraud , Infostealer , Malware , Stolen Credentials Trending News Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies ⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware and More ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit and 15+ Stories Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024 Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem How Exposed Endpoints Increase Risk Across LLM Infrastructure Popular Resources 100+ Domains Multiply Attack Risk 6× - Download the CTEM Divide Research Boost SOC Efficiency with AI-Guided Triage — Download Investigator Overview Silent Residency Is the New Threat Model — Download the Red Report Exposed Cloud Training Apps Are Letting Hackers In — Download the Research