This major cybercrime forum might have just exposed all its users

• UpGuard finds unprotected Elasticsearch instance belonging to Leak Zone
• The instance contained millions of IP addresses
• Leak Zone is a known underground forum with a large number of users

In a moment of poetic irony, an underground “leaking and cracking forum” exposed the IP addresses of all its logged-in users, essentially doxxing them to everyone - security researchers, rival criminals - and most notably, law enforcement.

Security researchers from UpGuard found an exposed Elasticsearch database, available to anyone who knew where to look. Deeper analysis determined that the database belonged to Leak Zone, an underground forum where cybercriminals advertise and share stolen archives, credentials, and software.

It contained more than 22 million records - IP addresses and precise timestamps of when the user logged in. The database is also quite fresh, with the archive is apparently being updated in real time, as well as indicating if there is a chance ...