Skip to content

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology
  • Data Leak

Leak Zone Forum’s Own Elasticsearch Database Exposed, Revealing 22M+ User Records

by Nam Phong · July 28, 2025

The Leak Zone forum — widely known as a hub for publishing and distributing hacked databases, stolen credentials, and pirated software — has ironically become the source of a major data breach. According to a report published on UpGuard’s official blog, the platform had left its Elasticsearch database exposed to the public without password protection, thereby compromising the privacy of its own user base.

Discovered on July 18, the database was accessible via a standard web browser and remained open, updating in real time. It contained more than 22 million records logging users’ IP addresses and precise login timestamps, with the most recent entry dated June 25. Elasticsearch misconfigurations have been the root cause of numerous large-scale data leaks in the past.

While the records were not explicitly linked to usernames or profiles, they can still be used to identify individuals — particularly if anonymity tools were not employed. Some entries noted whether access occurred through a proxy or VPN, revealing the relative strength of a user’s protective measures.

Operating since 2020, Leak Zone promotes itself as offering “a vast collection of leaks — from databases to hacked accounts,” according to the site’s description. The forum also includes a marketplace where illicit services are openly advertised. With over 109,000 registered users, this is not the first time a hacker forum has found itself compromised by a data breach.

Researchers indicate that approximately 95% of the leaked dataset pertains to logins on Leak Zone. The remaining 5% is linked to AccountBot, a site known for selling access to compromised streaming service accounts.

TechCrunch confirmed the legitimacy of the leak by creating a test account and observing its corresponding entry — complete with IP address and login time — appear in the database. The reason behind the exposure remains unclear, though human error or misconfiguration, rather than malicious intent, is considered the likely cause.

Attempts to contact the Leak Zone administrators were unsuccessful; the forum’s messaging system rejected all outreach. It is unknown whether the administrators are aware of the breach or intend to notify affected users.

According to UpGuard, the database had been taken offline by the time their report was published.

The breach comes amid increasing pressure from U.S. and European authorities on cybercriminal forums. Previously, authorities dismantled RaidForums — once one of the world’s largest marketplaces for stolen data. Just this week, Europol arrested the alleged administrator of the Russian forum XSS.is.

Related coverage

  • FortiBleed Firewall Attack Exposes UK Government Data
  • Temu Data Leak Claim: 310M Records for Sale
  • Kairos Data Extortion: $1M Cyber Crisis
  • Libya Central Bank Breach Leaks Internal Data
  • NAIC PeopleSoft Cyberattack: ShinyHunters Claims Massive Breach

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Tags: Cybercrime Forumcybersecuritydata breachElasticsearchIP addressesLeak ZoneLogin Timestampsmisconfiguration

Follow:

  • Next story TerraformGoat: “Vulnerable by Design” multi cloud deployment tool
  • Previous story US Woman Jailed 8.5 Years for Running “Laptop Farm” That Enabled North Korean IT Spies to Infiltrate 300+ US Firms

  • Recent Posts
  • Popular Posts
  • Tags
  • ZEGO textile factory cyberattack bankruptcy, corporate cyber threat consequences

    Cybercriminals

    ZEGO Cyberattack Bankruptcy: Textile Firm Closes

    July 15, 2026

  • context bombing defense mechanism, AI agent cloud security trap

    Cybercriminals

    Context Bombing: A Novel Defense Against AI Hackers

    July 15, 2026

  • ACSC CMS exploitation campaign web shells installed via WordPress and Joomla CVEs globally

    Cybercriminals

    ACSC Warns: CMS Campaign Installs Web Shells via 17 CVEs

    July 14, 2026

  • U-Boot FIT image signature verification vulnerabilities CVE Binarly bootloader exploit firmware

    Vulnerability

    6 U-Boot Vulnerabilities Let Attackers Hijack Boot Process

    July 14, 2026

  • Progress Software ShareFile Storage Zone Controller shut down over external threat CVE-2026-2699

    Vulnerability

    Progress Software Shuts Down ShareFile Over External Threat

    July 14, 2026

  • Apache Camel vulnerabilities enabling server-side request forgery and authentication bypass in JMS and WebSocket connectors

    Vulnerability

    Apache Camel Patches Five High-Severity Vulnerabilities

    July 9, 2026

  • OpenSUSE Leap 15.4 Beta releases, Linux distributions

    Linux

    OpenSUSE Leap 15.4 Beta releases, Linux distributions

    May 30, 2020

  • Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    Linux

    Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    March 1, 2019

  • GhostBSD 23.10.1 released, FreeBSD distribution

    Linux

    GhostBSD 23.10.1 released, FreeBSD distribution

    May 1, 2020

  • Solus 4.4 Fortitude releases, Linux distribution

    Linux

    Solus 4.4 Fortitude releases, Linux distribution

    January 26, 2020

  • AI AI security Android Apple APT BOTNET China CISA cloud security cryptocurrency cyberattack cybercrime Cyber Espionage cybersecurity Cybersecurity 2026 data breach Github google hacking Infosec InfoSec 2026 Infostealer Linux Linux Kernel malware Microsoft network security open source Penetration Testing phishing privacy privilege escalation Prompt Injection ransomware RCE remote code execution security Social Engineering supply chain attack Tech News 2026 threat intelligence vulnerability windows Windows 11 zero-day
  • Home
  • About Us
  • Contact Us
  • DMCA NOTICE
  • Privacy Policy

Information Security News © 2026. All Rights Reserved.

Powered by  - Designed with Hueman Pro