
Cybercrime forum Leak Zone publicly exposed its users’ IP addresses

A self-styled “leaking and cracking forum” where users promote and share breached databases, stolen credentials, and pirated software was leaking the IP addresses of its logged-in users to the open web, security researchers have found.

Leak Zone left an Elasticsearch database exposed to the internet without a password, according to researchers at UpGuard. In a blog post shared with TechCrunch ahead of its publication, the researchers said they discovered the database on July 18 and found its data was accessible to anyone with a web browser.

The exposed database contained more than 22 million records storing the IP address and exact timestamp of when Leak Zone users logged in. The records were dated as recently as June 25, and the database was updating in real time.

While the records weren’t linked to individual users, the data could be used to identify users who logged into Leak Zone without using any anonymization tools. Some of the records, seen by TechCrunch, indicate whether a user is believed to have logged in through a proxy, such as a VPN, which can help conceal the user’s real-world location.

Leak Zone, which gained recognition in 2020, advertises access to a “huge assortment of leaks ranging from breached databases to cracked accounts,” referring to stolen credentials used for logging into a person’s online accounts. The forum also offers a marketplace that explicitly promotes “unlawful services,” the site’s information reads. A page on Leak Zone’s website claims the forum has more than 109,000 users.

According to UpGuard, 95% of the records in the exposed database relate to Leak Zone user logins. The remaining data references accounts associated with AccountBot, another website for selling access to compromised accounts used for streaming services.

TechCrunch verified that the exposed database was recording users logging into Leak Zone by creating a new account and logging in to the site. A corresponding record immediately appeared in the exposed database containing our IP address and the timestamp of the exact moment we logged in.

It’s not known why the database was publicly exposed. Human error or misconfigurations are often a cause of data exposures, rather than malicious actions.

TechCrunch was unable to contact the Leak Zone administrators for comment as the forum software denied our ability to send them messages. It’s not clear if the Leak Zone administrators are aware of the exposure or if they plan to inform their users about the security lapse.

The database is no longer online, UpGuard told TechCrunch.

In recent years, U.S. and international authorities have increasingly targeted cybercrime forums and websites for their roles in facilitating hacking, identity theft, and other criminal activity. This week, Europol announced it had arrested the alleged administrator behind XSS.is, a long-running Russian-language cybercrime forum, which the authorities also seized as part of a takedown operation.
