
Just a sample of the Echomail archive


 Message 1538 
 Mike Powell to All 
 Major cybercrime forum mi 
 25 Jul 25 09:45:57 
 
TZUTC: -0500
MSGID: 1271.consprcy@1:2320/105 2ce8d39c
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
This major cybercrime forum might have just exposed all its users

Date:
Fri, 25 Jul 2025 13:01:00 +0000

Description:
Researchers found a database full of IP addresses following Leak Zone
incident.

FULL STORY

In a moment of poetic irony, an underground leaking and cracking forum 
exposed the IP addresses of all its logged-in users, essentially doxxing them
to everyone - security researchers, rival criminals - and most notably, law
enforcement. 

Security researchers from UpGuard found an exposed Elasticsearch database,
available to anyone who knew where to look. Deeper analysis determined that
the database belonged to Leak Zone, an underground forum where cybercriminals
advertise and share stolen archives, credentials, and software. 

It contained more than 22 million records - IP addresses and precise
timestamps of when the user logged in. The database is also quite fresh, with
the archive apparently being updated in real time, as well as indicating
if there is a chance a user logged in using an anonymization tool such as a
proxy or a VPN.

Exposed instances - everywhere 

It is impossible to say for how long the archive remained open, and if anyone
discovered it before UpGuard did. 

We also don't know how many people were exposed in this incident but
allegedly, the forum has roughly 100,000 members. In any case, it has since
been locked down and is no longer accessible. 

The researchers also could not determine the cause of the database being left
exposed. 

Usually, it is down to human error - admins simply forgetting to set a
password, or otherwise encrypt it. In fact, exposed databases continue to be
the leading cause of data leaks - among legitimate and illegal organizations
alike. 

For years, researchers have been warning that cloud works on a shared
responsibility model - something many IT teams don't seem to be aware of.

Some businesses believe securing the cloud infrastructure is the service
provider's task - leaving the back door wide open for cybercriminals.

 Via TechCrunch

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-major-cybercrime-forum-might-have-just-exposed-all-its-users

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426



(c) 1994,  bbs@darkrealms.ca