Breach notification site LeakedSource suddenly went offline Thursday, and it has a lot of people in the security community talking. One expert weighing in on the matter is Troy Hunt, a respected security researcher who operates a somewhat similar service called Have I Been Pwned.
As ZDNet notes, LeakedSource was a for-profit breach notification service that – at least, from a journalistic standpoint – was involved in the news cycle of several major data breaches in 2016 involving the likes of Adult Friend Finder, Twitter, Myspace and LinkedIn, just to name a few.
It’s still early days and this hasn’t been confirmed, but both ZDNet and Hunt point to a post on a virtual markets forum that reads:
"Yeah you heard it here first. Sorry for all you kids who don't have all your own Databases. Leakedsource is down forever and won't be coming back. Owner raided early this morning. Wasn't arrested, but all SSD's got taken, and Leakedsource servers got subpoena'd and placed under federal investigation. If somehow he recovers from this and launches LS again, then I'll be wrong. But I am not wrong. Also, this is not a troll thread."
As Hunt explains in a blog post published earlier this morning, LeakedSource was a for-profit breach notification service that, in addition to letting regular users search to see if their personal information was part of a data breach, sold raw breach data to anyone willing to pay for it.
By late 2016, Hunt says, it was becoming apparent that LeakedSource’s actions were skewed very much on the black side of grey. The security researcher claims, for example, that there was a constant flow of data that wasn’t appearing anywhere else in the usual trading circles before first making an appearance on LeakedSource.
Speculation was rife, Hunt contends, that LeakedSource was offering hackers incentives both to deliver data they already had and to actively seek out new targets whose data could be added to the site’s database and monetized by selling it to anyone willing to pay.
Again, it’s still early days as the site just went offline yesterday (January 26, 2017). We’ll keep an eye on things and report back as new developments unfold. In the interim, if you’re interested in learning more about LeakedSource’s background, Wired published a story on the matter late last year that’s certainly worth a look. Hunt’s blog post is also worth reading as he goes into far more detail regarding his stance on LeakedSource’s practices and ethics in general.