When it comes to finding out about data leakages concerning usernames and passwords for most websites and online services, Have I Been Pwned, founded by Troy Hunt, has become one of the most relied upon and legitimate sources of information. Most recently, the online service partnered up with Mozilla to help notify Firefox users if visited websites have fallen victim to data breaches and if their credentials have been compromised.
Unsurprisingly, other online services who managed to get their hands on exfiltrated credentials, such as Leakbase, leveraged the data for commercial gain, by selling subscriptions to access a database containing more than two billion usernames and passwords. However, it appears that over the weekend, Leakbase commenced redirecting web traffic to Have I Been Pwned after it was believed that users of the former began experiencing difficulties getting in touch with support staff.
It is believed that Leakbase changed hands in April and, according to an anonymous source in contact with security journalist Brian Krebs, the site's new management allegedly became involved in drug dealing on Hansa, a dark web market that had its plug pulled back in July. The shutdown occurred after Dutch authorities had operated the website in secret to gain further intelligence on Hansa's more prominent buyers and sellers, leading them to one of the alleged owners of Leakbase, reportedly culminating in an arrest.
In any instance, Leakbase confirmed the termination of its service and the availability of refunds in messages posted from its Twitter account:
We understand many of you may have lost some time, so in an effort to offer compensation please email, email@example.com— LeakBase (@LeakbasePW) December 3, 2017
Send your LeakBase username and how much time you had left.
We will have a high influx of emails so be patient, this could take a while
The news comes around eight months after Leakbase became the target of data exfiltration. It was discovered that an account belonging to an administrative alumnus had an identical password to an account used for managing the site's DDoS protection provided by X4B which had been compromised in the days prior.