Amsterdam police take down site for trading in stolen data

Dutch police, working with Europol, the FBI, and other international agencies, shut down LeakBase on March 3 and 4, 2026. The site, which had 142,000 users, was one of the largest forums for trading stolen information, including email addresses, passwords, and other personal details.

The operation was led by the Amsterdam Police Cybercrime Team under the Public Prosecution Service. Authorities secured the forum’s full database, including user accounts, public and private messages, its internal credit system, and IP logs. Investigators determined that the forum had operated on a server located in Amsterdam, against which “the necessary measures have been taken,” according to police.

“The Dutch investigation started in 2023 and led to international collaboration with police services from dozens of countries,” the Cybercrime Team said. “This kind of platform forms the engine of cybercrime. Stolen personal data is repeatedly resold and misused for scams, phishing, bank helpdesk fraud, ransomware, and identity theft.”

Participating countries included Australia, Belgium, Canada, Germany, Greece, Kosovo, Malaysia, the Netherlands, Poland, Portugal, Romania, Spain, the United Kingdom, and the United States.

LeakBase had operated openly in English since 2021 and specialized in trading leaked databases and “stealer logs,” archives of credentials taken with malware. The forum combined discussion boards and marketplace features, with a credit-based economy and a reputation system that helped users build trust. By December 2025, the platform recorded over 32,000 posts and 215,000 private messages and had rules prohibiting sales of Russian-related data.

Europol’s European Cybercrime Centre supported the investigation, mapping the forum’s infrastructure and linking users to ongoing cases across Europe and beyond. Edvardas Šileris, head of Europol’s EC3, said, “This operation shows that no corner of the internet is beyond the reach of international law enforcement. Those who believed they could hide behind anonymity are being identified and held accountable. If you traffic in other people’s stolen information, law enforcement will find you and bring you to justice.”

During the operation, law enforcement carried out more than 100 targeted actions worldwide, including arrests, house searches, and “knock-and-talk” interventions against 37 of the forum’s most active users. On March 4, authorities seized the domain and replaced it with a law enforcement splash page. The operation now moves into a prevention phase to deter further criminal activity and protect victims.

Recovered login credentials have been added to the public-private No More Leaks initiative, allowing companies to check if their customers’ accounts were compromised and enforce immediate password resets. Stolen email addresses have also been incorporated into the police’s Check Je Hack tool, which lets individuals verify if their information appears in cybercriminal databases.

Police and Europol emphasized vigilance for internet users. “Criminals exploit trust and manipulate urgency, curiosity, or fear. Always verify the sender, do not click links automatically, and never share personal data if unsure,” authorities said. Using strong, unique passwords and multi-factor authentication remains essential to reduce risk.