The Cyberrime Forum has publicly revealed the IP addresses of its users

Safety researchers found that the “leakage and breaking forum”, which announces itself, announces and shares the penetration databases, stolen accreditation data, and pirated programs of IP addresses for its registered users to the open web.

Leak Zone has left Elasticsearch database vulnerable to the Internet without a password, according to Upguard researchers. in Blog post Common with Techcrunch before its publication, the researchers said they discovered the database on July 18 and found that its data is available to anyone with a web browser.

The exposed database contained more than 22 million IP addresses and the exact character line for logging in the leakage area. The records were recently rooted on June 25, and the database was updated in actual time.

Although records are not connected to individual users, data can be used to identify users who have registered to enter the leakage area without using any identity hiding tools. Some records, which TECRCRUNCH sees, indicate whether it is believed that the user has logged agentlike VPNWhich can help hide the real world location.

Leak Zone, which gained popularity in 2020, announces access to “a wide range of leaks ranging from penetrated databases to broken accounts”, referring to the stolen credit data used to log in to person’s accounts online. The forum also provides a market that explicitly enhances “illegal services”, and reads the site guide. A page on Leak Zone claims that the forum has more than 109,000 users.

According to Upguard, 95 % of the records are related to the exposed database with the leakage area registration. The remaining data reference accounts associated with Accountbot, another site to sell access to accounts at risk used for broadcasting services.

TECHCRUNCH checks that the open database was registering users who log in to the leakage area by creating a new account and log in to the site. The corresponding record appeared immediately in the exposed database that has our IP address and the timeline line for the minute moment you log in.

It is not known why the database is publicly displayed. Human or wrong error is often a cause of data, rather than malicious actions.

Techcrunch was unable to contact the officials of the leakage area to comment because the forum program denied our ability to send messages to them. It is not clear whether the officials of the leakage area are aware of exposure or whether they are planning to notify their users of low security.

Upguard told Techcrunch that the database is no longer on the Internet.

In recent years, the United States and the international authorities are increasingly Hardcore electronic crime forums And their own sites Roles in facilitating piracy, stealing identity and other criminal activity. This week, Europol announced that it had it The alleged official was arrested Behind XSS.is, a forum for a long -term Russian e -crime, which the authorities have also seized as part of the removal process.