On Friday, July 18, cybersecurity firm UpGuard discovered an unprotected Elasticsearch database containing approximately 22 million records of web requests, with 95% of traffic directed to leakzone[.]net, a prominent “leaking and cracking forum” that facilitates the distribution of hacking tools, exploits, and compromised accounts. Each database entry contained critical user information, including IP addresses, geographic locations, and internet service provider metadata, creating a comprehensive map of visitor activity to the underground cybercrime platform.

The leaked data presents severe privacy implications for users of the illicit forum, as IP addresses are classified as Personally Identifiable Information (PII) under the GDPR because they can be used to identify users across platforms.

The database schema revealed that 185,000 unique IP addresses accessed the platform during a three-week period, significantly exceeding Leakzone’s registered user base of 109,000 accounts, according to the UpGuard report. This discrepancy indicates sophisticated privacy protection measures employed by users, including the use of dynamic IP addresses and proxy servers. Cloud service providers, including Amazon, Microsoft, and Google, appeared prominently in the traffic logs, indicating that users leverage mainstream infrastructure for anonymization purposes. The traffic distribution pattern suggested that the heavily used IP addresses in the data represented VPN exit nodes serving multiple users rather than individual connections.

In all, 22 million records from the dark web forum Leakzone exposed user IP addresses and locations.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 28 Jul 2025 10:55:18 +0000