Breach Database Website LeakedSource Busted by Feds

LeakedSource, a breach notification website that also sold database access to over 3 billion hacked accounts is now offline, disappearing in murky circumstances with one insider claiming that the website is down and gone forever.

Having combed over 3 billion hacked accounts, LeakedSource indexed compromised account details of accounts from a number of high-profile breache. Users could essentially search and check if any of their phone numbers or email addresses were compromised as a part of any breach. While LeakedSource claimed its aim was to warn the public about who might be affected while raising awareness toward better cybersecurity, critics have argued that rogue malicious hackers could have the means to easily access victims’ accounts.

The account details were gathered from several of the world’s most prominent breaches, including Yahoo, Ashley Madison, Last.fm and LinkedIn, among others.

Now, an insider has claimed that LeakedSource is now permanently offline after being taken down by law enforcement authorities.

First posted on online forums, the notice, since removed, has found a place on Pastebin.

It read:

LeakedSource is down forever and won’t be coming back. Owner raided early this morning. Wasn’t arrested, but all SSD’s got aken, and LeakedSsource servers got subpoena’d and placed under federal investigation. If somehow he recovers from this and launches LS again, then I’ll be wrong. But I am now wrong.

LeakedSource controversially decrypted passwords obtained through data dumps, making passwords searchable in their plaintext form. Users could check to see which passwords were affected in the event of an account compromise, prompting them to change shared passwords with other online accounts. However, the feature meant that data dumps were also valuable for malicious hackers as well.

Have I Been Pwned, a similar resource that allows users to check if your email address or username was compromised in a hack takes a significantly different approach. Personally identifiable data is never revealed to anyone, not even the legitimate owners of the data, which stops sensitive information from falling into the wrong hands.

Image credit: Pixabay.