A notorious online forum known for trafficking in stolen credentials, breached databases, and pirated software has inadvertently leaked sensitive data about its own users, cybersecurity firm UpGuard said.
Researchers discovered that Leak Zone, a self-described “leaking and cracking forum,” left an unsecured Elasticsearch database exposed to the internet. The database, accessible to anyone with a web browser, contained over 22 million records detailing the IP addresses and login timestamps of users accessing the forum. The exposed records date as recently as June 25 and were updating in real time before the database was taken offline.
While individual users were not directly named, the exposed data could still be used to identify users who failed to use anonymization tools like VPNs.
Leak Zone, which has operated since 2020 and claims over 109,000 users, offers access to breached credentials, and cracked software.
UpGuard’s analysis shows that approximately 95% of the leaked records relate to Leak Zone user logins, while the rest are tied to AccountBot, a service that sells access to compromised streaming accounts. In total, the exposed dataset contained around 185,000 unique IP addresses, a figure significantly higher than Leak Zone’s total user base, likely due to users routing traffic through dynamic IPs to obscure their identities.
Leak Zone has remained online despite the takedown of similar forums in recent years. Notably, RaidForums was seized in 2022 and BreachForums' operator was arrested in 2023.
The exposed database is no longer accessible, according to UpGuard.