On January 27, 2017, the breach notification and password service Leakedsource.com went offline without giving any reason. At the time, users speculated that the site had been raided by law enforcement authorities, but there was nothing conclusive other than an anonymous message on the Pastebin website stating that:
“LeakedSource is down forever and won’t be coming back. Owner raided early this morning. Wasn’t arrested, but all SSD’s got taken, and LeakedSource servers got subpoenaed and placed under federal investigation. If somehow he recovers from this and launches LS again, then I’ll be wrong. But I am not wrong.”
LeakedSource.com’s operator arrested
However, on December 22nd, 2017, the Royal Canadian Mounted Police (RCMP) arrested a 27-year-old Ontario man, Jordan Evan Bloom, for allegedly operating LeakedSource.com and selling stolen usernames and passwords. Bloom has been charged with trafficking in identity information, unauthorized use of computer, mischief to data and possession of property obtained by crime.
According to a press release, in 2016 the RCMP learned that the servers hosting LeakedSource.com were located in Quebec. That is when its cybercrime unit initiated “Project Adoration” and raided LeakedSource.com, which at that time contained over 3 billion personal identity records and associated emails, usernames, and passwords from large-scale data breaches including MySpace, Dropbox and LinkedIn. Bloom would then allegedly sell those credentials for a small fee, and ended up earning a whopping $247,000 from trafficking identity information.
“This investigation is related to claims about a website operator alleged to have made hundreds of thousands of dollars selling personal information. The RCMP will continue to work diligently with our domestic and international law enforcement partners to prosecute online criminality,” said the RCMP.
LeakedSource.com started operating in October 2015 and provided sensitive personal information obtained from data breaches to anyone willing to pay for it. This also allowed malicious threat actors to buy stolen data and conduct identity theft scams or hijack the accounts of celebrities as well as unsuspecting users.
Bloom is now in custody and it is expected that he will be making his first court appearance today.
In another incident that took place on December 2nd, 2017, Leakbase.pw, a searchable data breach index website, was shut down. Leakbase started operating in September 2016 and allowed anyone to buy a membership and run search queries against different databases including Taringa, VerticalScope
On December 2nd, its Twitter account announced that “This project has been discontinued, thank you for your support over the past year and a half.” However, Brian Krebs of KrebsOnSecurity alleged that Leakbase’s shutdown was the result of a raid linked to the raid on the Hansa dark web market by Dutch police back in July 2017.
In response, the website denied any affiliation with the dark web marketplace Hansa and tweeted that “The fact that we need to tweet this is disappointing in itself, none of the LeakBase operators have any connections to Hansa. The fact that this can be portrayed as near fact is astonishing as it is only a claim.”