Stolen-creds-for-sale site Leakbase has gone dark and started redirecting to Troy Hunt's HaveIBeenPwned.
Since it's published only three tweets relating to the shutdown, Leakbase left plenty of room for speculation about the reason for its disappearance.
We understand many of you may have lost some time, so in an effort to offer compensation please email, firstname.lastname@example.org— LeakBase (@LeakbasePW) December 3, 2017
Send your LeakBase username and how much time you had left.
We will have a high influx of emails so be patient, this could take a while
Brian Krebs associated the shutdown with the break-up of the Hansa “darkweb” operation in July.
That woke Leakbase for one last Tweet a short time ago:
The fact that we need to tweet this is disappointing in its self, non of the LeakBase operators have any connections to Hansa.— LeakBase (@LeakbasePW) December 4, 2017
The fact that this can be portrayed as near fact is astonishing as it is only a claim.
Troy Hunt said he wasn't surprised by the closure and told The Register any leaked credential database risks unwanted attention from law enforcement, unless it's very careful about how it handles the data it holds. That alone, he opined, could have been Leakbase's undoing.
Like LeakedSource, which was shuttered in January this year, Leakbase let customers buy data sourced from breaches.
Hunt said luring customers to help them “use that data to disadvantage the victims of a breach” was always a high-risk model.
“I was contacted by a trusted source last week saying they would be going offline,” Hunt said, and Krebs got in touch “48 hours ago telling me it was redirecting”. ®