Breach site LeakedSource apparently raided by feds

The site obtained a massive hack of over 400 million AdultFriendFinder accounts last year.

postedin-yxsesqn.jpg

Image: File

LeakedSource, a for-profit breach notification site that helped break the news of some of last year's largest data breaches, has apparently been raided by law enforcement.

News of the raid, which can't be confirmed at the time of writing, first broke on Thursday through a note posted on a virtual markets forum earlier in the day, but it is no longer viewable.

LeakedSource's website appears to have been pulled offline.

The note reads:

"Yeah you heard it here first. Sorry for all you kids who don't have all your own Databases. Leakedsource is down forever and won't be coming back. Owner raided early this morning. Wasn't arrested, but all SSD's got taken, and Leakedsource servers got subpoena'd and placed under federal investigation. If somehow he recovers from this and launches LS again, then I'll be wrong. But I am not wrong. Also, this is not a troll thread.

The location of LeakedSource members isn't known, nor which law enforcement agency was allegedly involved.

LeakedSource shot to prominence last year for providing reporters, myself included, access to some of the largest data breaches and hacks in living memory, including AdultFriendFinder, Russian internet giant Rambler.ru, and millions of accounts associated with Twitter.

But the service drew controversy and criticism for allowing users to subscribe to the site in order to get access to raw data, including passwords.

Critics said -- rightfully -- that this could make hacking of other sites with similar user credentials much easier.

LeakedSource was just one of many breach database sites founded in the mold of non-profit service, Have I Been Pwned, which is considered the gold standard in breach notification because founder Troy Hunt deliberately doesn't store passwords.

"Handling data of this nature is a sensitive business," Hunt said in a message.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More

"The information in data breaches can have a serious impact on people's lives and it needs to be treated with the utmost of respect," he added. "Providing the passwords of data breach victims to anyone willing to pay for them was always going to lead to law enforcement eventually stepping in."

A Justice Department spokesperson would not comment. "As a matter of policy, the department generally neither confirms nor denies whether a matter is under investigation," the spokesperson said.

Members of LeakedSource could not be reached by the time publication, and it hasn't been seen online in almost two days.

If anything changes, we'll update here.

Were voting machines hacked during the 2016 election?

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All