A for-profit breach notification site, LeakedSource, which helped bring to light some of the most massive breaches in 2016, is now down after an alleged raid by US law enforcement, according to reports. The site has previously been criticised for allegedly cracking the passwords from hacked databases that they obtained.
LeakedSource shot to fame after it gained access to some of the largest hacked databases, including the AdultFriendFinder hack and the Russian Rambler.ru hack. Despite drawing criticism for allegedly selling the passwords of compromised accounts and cracking cryptographically protected passwords, the site became the go-to resource for journalists reporting on data breaches.
The site allegedly sold access to a database of over 1.3bn compromised account passwords, according to a report by ArsTechnica. Unconfirmed reports of the site's raid came via a now unavailable post on a virtual market forum, ZDNet reported.
A user with the handle LTD wrote in the post: "Yeah you heard it here first. Sorry for all you kids who don't have all your own Databases. Leakedsource is down forever and won't be coming back. Owner raided early this morning. Wasn't arrested, but all SSD's got taken, and Leakedsource servers got subpoena'd and placed under federal investigation. If somehow he recovers from this and launches LS again, then I'll be wrong. But I am not wrong. Also, this is not a troll thread."
It is still unclear as to which law enforcement agency was responsible for conducting the alleged raid. LeakedSource members are yet to comment on the matter.
A spokesperson for the US Justice Department refused to comment, saying: "As a matter of policy, the department generally neither confirms nor denies whether a matter is under investigation."
Security researcher Troy Hunt, who runs the free breach notification site Have I Been Pwned, said: "Handling data of this nature is a sensitive business. The information in data breaches can have a serious impact on people's lives and it needs to be treated with the utmost of respect."
"Providing the passwords of data breach victims to anyone willing to pay for them was always going to lead to law enforcement eventually stepping in."
He added: "LeakedSource was always going to inevitably face serious consequences by providing the passwords of data breach victims to anyone willing to pay for them. I was shocked when someone bought access to their service, then sent me my own password from a data breach."
At the time of writing, the LeakedSource site was still inaccessible.