A site that tracked massive hacks and data breaches has disappeared after being allegedly raided by the police.
LeakedSource, a for-profit service that aggregated data from various hacks and made users pay to search it, has gone offline, as previously reported by Zack Whittaker at ZDNet. And a message posted on a forum dedicated to hacking and virtual markets claims that this is because the site has been taken down by law enforcement.
“Yeah you heard it here first. Sorry for all you kids who don’t have all your own Databases. Leakedsource is down forever and won’t be coming back. Owner raided early this morning. Wasn’t arrested, but all SSD’s got taken, and Leakedsource servers got subpoena’d and placed under federal investigation,” the post says. “If somehow he recovers from this and launches LS again, then I’ll be wrong. But I am not wrong. Also, this is not a troll thread.”
LeakedSource frequently made headlines in 2016 as it got hold of massive caches of data from some of the biggest hacks around. In September 2016 it announced it had almost 100 million logins from Rambler.ru — essentially the Russian Yahoo — for example, and in November it disclosed a hack of adult dating site AdultFriendFinder that it said affected 400 million users’ details.
LeakedSource has helped to highlight previously undisclosed hacks, and shoddy security practices by companies (and users!) — but there’s also a flipside to it. It lets anyone pay to access the data, and that includes passwords. Because most people re-use passwords across multiple sites, this means if their data is compromised on one service, then all their other accounts are as well. So if you found someone’s details in a data dump (from LinkedIn, say), you could then try those same login details across their other accounts (Facebook, Twitter, Google, and so on) — compromising the victim all over again.
Alongside last year’s mega-breaches, there has also been a spate of hijackings of celebrities’ and high-profile figures’ social media accounts. Everyone from Mark Zuckerberg to Drake had their Twitter accounts hacked, likely because they re-used passwords across multiple accounts. It’s not clear whether LeakedSource was used in any specific hijacking — but its model certainly left itself open to the possibility.