According to recent reports, an unidentified United States law enforcement agency carried out a raid on LeakedSource, causing the site to go offline.
LeakedSource is the highly controversial breach notification website.
The site was launched in 2015 to collect and package the information leaked in the public domain following data breaches.
LeakedSource operators indexed compromised credentials where the users could be able to search to see if their passwords, email addresses, or phone numbers could be exploited.
The controversy surrounding LeakedSource arose from the fact that the site sold advanced search capabilities to users able to pay the fee.
In application, this means that the entire community of hackers had potential access to compromised credentials of innocent individuals and could use them for their own agendas.
It is important to note that their database contained more than 3 billion compromised accounts in total.
However, LeakedSource had always maintained that the online directory served to provide information and education to the affected parties.
They also sought to put pressure on companies that often fail to disclose data breaches.
LeakedSource was responsible for uncovering major data breaches in 2016 including breaches from LinkedIn, Foursquare, Dropbox, Daily Motion, Weebly, Last.fm, VK.com and Rambler.ru.
The site had also been cited as a key resource for several journalists.
The data breach directory was a source of contextual information in the coverage of infamous data breaches including Twitter, MySpace, Adult Friend Finder, and Rambler.ru.
According to one of the site’s operators and spokespersons, any information that was available on LeakedSource was also available in other sectors of the public domain.
The site only served to conveniently compile and package what was already publicly accessible in a single location, making it easier for the affected to mitigate breaches.
Nonetheless, there was speculation that LeakedSource operators were actively encouraging users to provide new data troves.
Troy Hunt, founder of a forum similar to LeakedSource called “Have I Been Pwned,” and a security researcher stated that the directory indexed constant data troves that could not be found in the usual online trading platforms.
He reiterated that there was widespread speculation that LeakedSource was providing incentives to users to avail both publicly accessible data and data from their very own sources.
Currently, it is not yet clear whether these allegations are true.
If the reports about the law enforcement raid are indeed true, then the ensuing investigations might shed some light on these aspects.
LeakedSource has yet to make an official statement about these events.
This is likewise the case for the unidentified law enforcement agency involved in the raid.
A now unavailable Pastebin post by a user with the handle “LTD” brought to light the events shortly after they allegedly happened.
The post indicated that the owner of the online directory was raided during early morning hours, whereby the authorities seized all of the solid-state drives (SSDs); the site’s servers were also confiscated through a subpoena.
The case is currently under federal investigation and LeakedSource could be shut down permanently.
One controversial practice at LeakedSource made it very valuable to hackers – the operators often decrypted passwords compromised through data dumps in order to make the passwords searchable to the users.
However, this had an undesirable effect in that it made the work of hackers much easier.
With decrypted data, secondary breaches could now be possible even by inexperienced hackers.
Cybersecurity experts and commenters have noted that a raid was inevitable since LeakedSource has been handling breached data irresponsibly and unethically.
The shutdown of the site will definitely be a cause of worry to the operators of similar data breach websites.
At the time of writing, the US Department of Justice has made no official statement about the raid.