LeakedSource website that offered cracked password databases is offline

LeakedSource, a controversial site offering data from leaked databases for sale, is currently offline. In a forum post, a user says that this is the result of a police action and that the site will not come back.

In the message, which can also be read via Pastebin, a user named ‘LTD’ says that a raid on LeakedSource has taken place that has seized all SSDs. The owner would not have been arrested and all servers would be investigated. Ars Technica has made an attempt to contact the persons behind the site, without success. According to the site, LeakedSource was online for about 15 months. The identity of the forum poster is unknown.

The website LeakedSource, which provided access to more than three billion passwords, allowed users to search for free if their data was in a leaked database. For a fee it was possible to search all databases, which, according to Ars Technica, were also cracked by LeakedSource itself. This made it possible to, for example, penetrate existing accounts, if they were protected with the same password that appeared in a cracked database.

Security researcher Troy Hunt offers a similar service called ‘HaveIbeenpwned’. The difference with LeakedSource is that it only lets people check whether their data is in a leaked database. He does not provide access to the data itself. For example, via his website it is possible to check whether a username or e-mail address appears in a hacked database, such as those of Adobe, MySpace, LinkedIn and Dropbox.

Hunt responds to the news in a blog post of his own, writing that he “has never been in doubt that the site was used for destructive purposes.” He hopes the person behind the site will “rethink how to handle personal data ethically.”

It is not known who is behind LeakedSource. Wired wrote a background article about the service in December, stating that some of the people behind the website are still in school.