Leak Forum Becomes a Leak Itself: Leak Zone Exposes 22 Million User IP Addresses
Researchers uncovered millions of unsecured records.
Researchers uncovered millions of unsecured records.
Leak Zone, a forum known for distributing hacked databases, stolen credentials, and pirated software, has ironically become the source of a massive data breach. According to researchers from UpGuard, the platform left its Elasticsearch database exposed without a password, putting its users at significant risk.
The exposed database, discovered on July 18, was accessible via a regular web browser and was being updated in real-time. It contained over 22 million records logging user IP addresses and exact login timestamps, with the most recent data dated June 25. Elasticsearch misconfigurations have been responsible for numerous high-profile data leaks in the past.
Although the records weren’t directly linked to usernames or forum profiles, they could still be used to deanonymize users — especially those who didn’t use anonymity tools. Some records indicated whether logins were made via proxy or VPN, allowing attackers to assess each user's level of protection.
Leak Zone has been active since 2020, offering access to a “vast collection of leaks — from databases to hacked accounts,” as stated on the site. It also hosts a marketplace openly advertising illicit services. According to the site, the forum has over 109,000 registered users. This is far from the first time a hacker forum has become the victim of its own carelessness.
UpGuard reports that about 95% of the leaked data relates to logins on Leak Zone itself, while the remaining 5% involve accounts tied to AccountBot — a service that sells access to compromised streaming service accounts.
TechCrunch confirmed the authenticity of the leak by registering a test account and verifying the appearance of their login record (including IP address and timestamp) in the exposed database. The reason for the exposure is still unknown, but researchers suspect it was a configuration error or human mistake, rather than a deliberate action.
Attempts to contact the Leak Zone administration were unsuccessful — the forum’s message system rejected all messages. It remains unclear whether the admins are aware of the issue or plan to notify users.
According to UpGuard, the exposed database has since been taken offline.
This incident comes amid increasing pressure from U.S. and European authorities on cybercrime forums. Law enforcement has already shut down RaidForums — once one of the world’s largest platforms for trading stolen data. Just this week, Europol arrested the alleged administrator of the Russian forum XSS.is.
