
Cyber Threat Actor: LeakBase

Actor Type: Crime Syndicate
Location: Russia
Known Incidents: 2 incidents
Profile

LeakBase, also known as Leak Base and Leakbase, is a threat actor whose location is reported as Russia, though this information is noted as conditional. LeakBase functions primarily as a distributor of compromised data and as a facilitator for the sale of unauthorized access to systems. According to analyses from security researchers, the group’s activities are driven by financial gain, with members selling data sets and access to admin panels on marketplace forums. The actor’s typical tactics involve uploading stolen datasets to cybercrime forums such as BreachForums and sharing them via file-hosting platforms. In addition, LeakBase affiliates are described as offering access to content management system admin panels and servers that were allegedly obtained through unauthorized means. No specific malware families, exploit tools, or initial-access vectors are referenced in the available reporting.

One of the actor’s publicly reported operations occurred on January 18, 2023, when a user with the handle “LeakBase” posted over six hundred thousand rows of private data taken from the Penang government’s official website on BreachForums for public download. On September 29, 2022, Leakbase was linked to a breach of India’s Swachhata Platform, in which approximately sixteen million user records containing email addresses, hashed passwords and user IDs were shared via a file-hosting service. Earlier, in 2017, the Leakbase platform was cited as being at the center of a large-scale data breach affecting Taringa, a Reddit-like social network serving Latin American users. These incidents illustrate the actor’s focus on government and public-sector targets in Malaysia and India, as well as on regional social-media services in Latin America. The exposed data has been described as enabling further malicious activity such as phishing, smishing and social-engineering campaigns, although LeakBase itself is not directly credited with carrying out those attacks. Public sources do not establish any state sponsorship or affiliation with a known criminal consortium for LeakBase. Consequently, the actor is presently understood as a financially motivated data-trading group whose attribution remains unverified beyond the aliases and locations mentioned in open-source reports.

Incidents
2 incidents
Sources
2 sources