The Department of Justice announced the seizure of LeakBase, one of the world's largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. What began as an English-language marketplace accessible on the open web has ended with a law enforcement seizure banner, marking a significant blow against transnational cybercrime infrastructure.
On March 3 and 4, law enforcement agents and officers in 14 countries including the United States took synchronized actions against LeakBase and its users in a coordinated effort hosted by Europol in The Hague.Law enforcement executed search warrants, arrests, and conducted interviews in the United States, Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom. The operation, known as Operation Leak, represents the kind of institutional coordination that centre-right governance emphasises: clear rules, multiple jurisdictions working within legal frameworks, and transparent law enforcement processes.
According to an affidavit unsealed on March 3, the LeakBase forum had over 142,000 members and more than 215,000 messages between members.Available on the open web and in English, the forum had an enormous and continuously updated archive of hacked databases including many from high profile attacks, including hundreds of millions of account credentials. LeakBase allowed forum users to sell the information from stolen databases, including data illegally obtained from U.S. corporations and individuals, and offered credit and debit card numbers, banking account and routing information, usernames and associated passwords which could facilitate additional account takeovers.
Specifically, the United States and other countries shut down LeakBase, seized its data and two of the domains used by the forum, posted seizure banners on the LeakBase sites, sent prevention messages to LeakBase members, and collected additional evidence.Around 100 enforcement actions were conducted across the world, including taking unspecified measures against 37 of the most active users of the platforms. This proportionate response, targeting the highest-harm actors rather than all members, reflects responsible law enforcement prioritisation.
The data seized from LeakBase will now be examined by investigators across multiple jurisdictions to identify victims and suspects.The Computer Crime and Intellectual Property Section (CCIPS) has reported this seizure and claims it has secured the conviction of over 180 cybercriminals and IP criminals, and court orders for the return of over $350 million in victim funds since 2020. This record demonstrates sustained institutional progress in combating cybercrime.
Yet pragmatism demands acknowledging legitimate complexity.The LeakBase takedown is the third major disruption of a cybercrime forum in four years, following RaidForums and BreachForums. The pattern suggests that international law enforcement has developed a repeatable playbook for infiltrating, mapping, and dismantling these platforms—and that successor forums can expect to face the same fate. However, expertise in the field offers caution. Criminal operators often maintain backup infrastructure and operate in jurisdictions without extradition treaties. While this operation sends a clear message that anonymity online offers limited protection, the underlying incentives driving stolen data sales remain strong.
For Australian citizens and organisations, the message is direct: information stolen in data breaches does not disappear. It surfaces on platforms like LeakBase, enabling identity theft, fraud, and further cyber intrusions. The seized database will help investigators understand which Australian entities and individuals were victimised. Law enforcement officials urged both individuals and organisations to implement multi-factor authentication and use strong, unique passwords.
International cooperation on cybercrime reflects genuine alignment across competing democracies on fundamental issues: protecting citizens from theft, defending institutional rule of law, and pursuing transparency in law enforcement. Australia's participation in Operation Leak underscores the practical necessity of global coordination when crime transcends borders. This operation, and its predecessors, suggest that reasonable people across the political spectrum can agree on one thing: cybercriminal infrastructure serves no legitimate purpose and warranting its disruption through lawful means.