Leak Zone Forum’s Own Elasticsearch Database Exposed, Revealing 22M+ User Records

The Leak Zone forum — widely known as a hub for publishing and distributing hacked databases, stolen credentials, and pirated software — has ironically become the source of a major data breach. According to a report published on UpGuard’s official blog, the platform had left its Elasticsearch database exposed to the public without password protection, thereby compromising the privacy of its own user base.

Discovered on July 18, the database was accessible via a standard web browser and remained open, updating in real time. It contained more than 22 million records logging users’ IP addresses and precise login timestamps, with the most recent entry dated June 25. Elasticsearch misconfigurations have been the root cause of numerous large-scale data leaks in the past.

While the records were not explicitly linked to usernames or profiles, they can still be used to identify individuals — particularly if anonymity tools were not employed. Some entries noted whether access occurred through a proxy or VPN, revealing the relative strength of a user’s protective measures.

Operating since 2020, Leak Zone promotes itself as offering “a vast collection of leaks — from databases to hacked accounts,” according to the site’s description. The forum also includes a marketplace where illicit services are openly advertised. With over 109,000 registered users, this is not the first time a hacker forum has found itself compromised by a data breach.

Researchers indicate that approximately 95% of the leaked dataset pertains to logins on Leak Zone. The remaining 5% is linked to AccountBot, a site known for selling access to compromised streaming service accounts.

TechCrunch confirmed the legitimacy of the leak by creating a test account and observing its corresponding entry — complete with IP address and login time — appear in the database. The reason behind the exposure remains unclear, though human error or misconfiguration, rather than malicious intent, is considered the likely cause.

Attempts to contact the Leak Zone administrators were unsuccessful; the forum’s messaging system rejected all outreach. It is unknown whether the administrators are aware of the breach or intend to notify affected users.

According to UpGuard, the database had been taken offline by the time their report was published.

The breach comes amid increasing pressure from U.S. and European authorities on cybercriminal forums. Previously, authorities dismantled RaidForums — once one of the world’s largest marketplaces for stolen data. Just this week, Europol arrested the alleged administrator of the Russian forum XSS.is.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy