Data hoarding site represents the dark side of data breach monitoring

LeakedSource, a giant repository online that stores stolen databases, can potentially make hacking easier

A site that's been warning the public about data breaches might actually be doing more harm than good.

Enter LeakedSource, a giant repository online that can potentially make hacking easier. Your email address and the associated Internet accounts -- including the passwords -- is probably in it.

In fact, the giant repository is made up of stolen databases taken from LinkedIn, Myspace, Dropbox, and thousands of other sites. It bills itself as a data breach monitoring site and for months now, it's been collecting details on hacks, both old and new, and alerting the media about them.

But the repository also features something that might be illegal: a search function that can look up all the stolen information. It’s also why LeakedSource is probably becoming a tool for novice hackers.

A hacking resource

For US$2 a day, a subscriber at LeakedSource can enter an email address or username and find details on what internet accounts it was used to registered with. Not only that, LeakedSource will crack the associated passwords when it can.

The search function has made it popular on, what one Reddit user described as a breeding ground for script kiddies. A number of threads at the forum mention how LeakedSource can be used for hacking.

One user, for instance, is offering an ebook for $8 on that very topic. Others are offering advice on how to use LeakedSource as a way to hack a social media account or to dox someone and dump the person’s files online.

“Ever wanted to be an elite hacker and show off?” wrote one user. “Here’s a small tutorial on how to break into a Youtuber’s account using a database looking up tool called: LeakedSource.”

On Monday, LeakedSource declined to answer questions about the legality of the site. The operators behind the service remain anonymous, but they say they don't condone any hacking.

However, as far back as October 2015, LeakedSource appears to have begun promoting itself on When asked about this over email, LeakedSource didn't directly respond.

Instead, the site's operators claim that all the information they store and index is already available on the internet.

"Before people start pointing fingers at us, anyone is free to download well over a billion records from the clear web," LeakedSource said in an email that included links to stolen databases taken from Myspace and LinkedIn.

Legal concerns

The site has also said it's not responsible for any data breaches. It merely collects the stolen databases, often by searching through the Dark Web, or by receiving them from anonymous hackers, LeakedSource has said.

"Many of (the hackers) like what we do, some want to draw publicity to themselves and others don't want their 'enemies' to be able to profit off selling data," it said in an earlier email. 

But even as it may not have been involved in any hacking, legal experts say the site's activities can still be seen as a crime.

Posting stolen passwords on the site can be considered a form of wiretapping, said Susan Freiwald, a law professor at the University of San Francisco. The Electronic Communications Privacy Act prohibits the dissemination of any device that can be used for "surreptitious interception."

She questioned why a site -- that claims to protect users' data -- offers a search function that can crack stolen passwords or look up someone else's information.

"If the whole goal of the site is to warn me, it should never give out my password," she said. "I think this is very suspicious. It doesn't make sense."

The site is essentially making money off of people's stolen data -- and potentially giving hackers a useful way to target victims with what services and user screen names they use, added Christopher Dore, a lawyer with the Edelson law firm.

"They are taking this too far, and monetizing this in a way that's dangerous for consumers," he said. Government regulators, including the Federal Trade Commission, might take notice and want to intervene, he added.

Ongoing risks

Internet users don't necessarily need to panic. Many of the databases stored on LeakedSource are years old and might pertain to internet accounts they no longer in use.

For example, the LinkedIn database on file comes from 2012, and the company has already reset the stolen passwords affected. In other cases, the databases on file only contain hashed passwords that are almost impossible to crack. 

But even so, that doesn't mean the stolen data is useless. The biggest danger is that less tech-savvy users are re-using the same passwords across multiple internet accounts and forgetting to change them. 

Internet users concerned with their privacy appear to be alarmed. After LeakedSource became widely publicized in the media, it was overwhelmed with user requests, wanting their information to be taken down from the site. 

"Our Contact form volume has increased by a multiple of 100 from removal requests and we are unable to read other potentially important messages," LeakedSource said at the time. 

Users can still remove themselves from the LeakedSource site by visiting the site's removal page.

When warning the public about data breaches, there's a danger of posting too much information, said Troy Hunt, an Australian software architect who runs a breach monitoring service called His site routinely collects new databases as well.

Unlike LeakedSource, however, his site doesn't offer any paid search to look up passwords, and for good reason. "As much as there’s potential to improve the state of online security, there’s also the risk of making it worse," he said in an email.

His own site continues to evolve, to prevent Haveibeenpwned from revealing sensitive details on users. 

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?