A coordinated international operation by DOJ and European partners seized LeakBase, an alleged marketplace for stolen credentials and hacked databases, and resulted in domain seizures and multiple arrests. Officials said the takedown aimed to disrupt a major enabler of downstream fraud, phishing and account takeover operations.

Law‑enforcement authorities from the United States and European partners conducted a coordinated takedown of LeakBase in early March 2026, seizing domains and infrastructure and arresting multiple individuals alleged to be involved in operating or facilitating the marketplace. LeakBase had been described by investigators as a prominent online forum and marketplace where stolen credentials, hacked databases and other illicit data were traded, providing a steady supply of materials that downstream actors used for phishing, identity theft and account takeover campaigns. Officials emphasized that removing a centralized market addresses a key enabler of large‑scale fraud ecosystems by disrupting seller networks, data pipelines and reputation systems that allowed illicit goods to be monetized quickly. The operation included domain seizures, preservation of servers for forensic analysis, and cooperative actions with hosting and payment providers to block revenue streams. Authorities warned that mirror sites and reseller communities may attempt to reconstitute services and urged continued international cooperation to trace buyers, sellers and money flows tied to the marketplace.