What Leakbase Going Dark Means for the Data Breach Lifecycle

By on

“Big Company Hit with Data Breach, Millions of Users Impacted.” An all too familiar news title, for an all too familiar issue. It almost seems that each week we read about a new data breach in the news. We learn how it happened, what the hackers went after, and the ramifications. Those affected scan their credit, potentially chopping up compromised cards. But what happens after that?

A data breach is just that – data that has been breached. After they’ve attacked an organization, hackers have barrels of stolen information just sitting in their laptops. So, the next question for black hats is often – what do we do with this stolen data? Answer: turn it into profit.

That’s where sites like Leakbase come into play. These crooks can hand over this stolen data to Leakbase, which is a website that has indexed and sold access to billions of usernames and passwords swiped in some of the world’s largest data breaches. Leakbase began its operations in late 2016, advertising access to crucial data stolen from data breaches involving LinkedIn, Myspace, and Dropbox. That is until this week when the site suddenly went dark, discontinuing their service entirely.  In fact, after being discontinued, the domain was redirected to Troy Hunt’s https://haveibeenpwned.com/ site, which actually allows anyone to check to see if specific email addresses have been involved in a data breach. There’s speculation that Dutch law enforcement has been involved in this shutdown, but as of now it remains only that – speculation.

So, even though Leakbase is gone, the existence of the site and others like it serves as an important reminder that the impact of data breaches reverberates louder and longer than we may imagine. “Warehouses of stolen data extend the risk of breaches,” says Christian Beek, lead scientist and principal engineer at McAfee, who helped identify this trend in cybercrime in a 2017 Threats Predictions report.

Beek says the same thing goes for cloud data services, which can be mined for valuable information while also allowing criminals to change and hide their own identities. “The same cloud capabilities that help businesses can also house stolen data and help bad guys constantly cycle through their own information, making them harder to track.” Beek says this brings home the need for evolving security operations centers connected to a community. “If it’s you vs. them, it’s very hard. If it’s all of us vs. them, we have much better odds.”

To learn more about Leakbase and the ramifications of data breaches, be sure to follow us at @McAfee and @McAfee_Labs.

Leave a Comment

Similar articles

Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered ...
Read Blog

Analytics 101

By on
From today’s smart home applications to autonomous vehicles of the future, the efficiency of automated decision-making is becoming widely embraced. Sci-fi concepts such as “machine learning” and “artificial intelligence” have been realized; however, it is important to understand that these terms are not interchangeable but evolve in complexity and knowledge to drive better decisions. Distinguishing ...
Read Blog
Simply by downloading the right combination of apps, parents can now track their child's location 24/7, monitor their same social conversations, and inject their thoughts into their lives in a split second. To a parent, that's called safety. To kids, it’s considered maddening. Kids are making it clear that parents armed with apps are overstepping ...
Read Blog