Pierluigi Paganini
March 26, 2026
Russian law enforcement has arrested the suspected administrator of LeakBase, a cybercrime forum used to trade stolen personal data. The suspect, from Taganrog, is accused of running the platform since 2021. During a search of his home, authorities seized technical equipment and other evidence linked to the operation.
“Police have detained a Taganrog resident suspected of administering LeakBase, one of the largest hacker platforms. Law enforcement officials told TASS.” reported the Russian agency TASS. The detained Taganrog resident is suspected of administering “one of the largest international hacker platforms, LeakBase,” the agency’s source said.”
Active for four years, the platform had over 147,000 users who bought, sold, and used the data for fraud. A criminal case has been opened, and the suspect is in custody.
In early March, the Federal Bureau of Investigation seized the LeakBase cybercrime forum (leakbase[.]la), a platform used to trade hacking tools and stolen data. The action formed part of “Operation Leak,” an international effort coordinated by Europol involving authorities from 14 countries, who took control of the forum’s domains and posted seizure notices.
Active since 2021, LeakBase became a key hub in the cybercrime ecosystem, specializing in trading leaked databases and “stealer logs” containing credentials stolen by infostealer malware. Operating openly in English, the forum combined marketplace and discussion features, allowing cybercriminals to buy, sell, and exchange compromised data.
On March 3, law enforcement agencies carried out coordinated actions worldwide, including arrests, house searches, and about 100 interventions targeting 37 of the most active users of the LeakBase forum. The next day, law enforcement seized the platform’s domain and replaced it with a law-enforcement notice, marking the start of the disruption phase. Investigators now move into a prevention stage focused on deterring cybercrime and raising awareness.
Europol supported the operation by mapping the forum’s infrastructure and analyzing user activity, linking suspects, victims, and evidence across borders. Specialists at Europol’s headquarters in The Hague examined seized data and generated investigative leads. The effort took place within the Joint Cybercrime Action Taskforce, while a Joint Command Post coordinated real-time intelligence sharing during the global action.
Authorities seized the LeakBase database, allowing investigators to deanonymize multiple users who believed they operated anonymously. Officers also contacted suspects through the same online channels used for criminal activity, sending a clear warning that anonymity online is limited.
Investigators continue tracing digital evidence to identify additional offenders. The operation also highlights how stolen data from breaches often resurfaces on cybercrime forums and fuels scams, identity theft, account takeovers, and phishing, underscoring the importance of strong passwords and multi-factor authentication.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, LeakBase cybercrime forum)
