Data hoarding site represents the dark side of data breach monitoring

LeakedSource, a giant repository online that stores stolen databases, can potentially make hacking easier

A site that's been warning the public about data breaches might actually be doing more harm than good.

Enter LeakedSource, a giant repository online that can potentially make hacking easier. Your email address and the associated Internet accounts -- including the passwords -- is probably in it.

In fact, the giant repository is made up of stolen databases taken from LinkedIn, Myspace, Dropbox, and thousands of other sites. It bills itself as a data breach monitoring site and for months now, it's been collecting details on hacks, both old and new, and alerting the media about them.

But the repository also features something that might be illegal: a search function that can look up all the stolen information. It’s also why LeakedSource is probably becoming a tool for novice hackers.

A hacking resource

For US$2 a day, a subscriber at LeakedSource can enter an email address or username and find details on what internet accounts it was used to registered with. Not only that, LeakedSource will crack the associated passwords when it can.

The search function has made it popular on, what one Reddit user described as a breeding ground for script kiddies. A number of threads at the forum mention how LeakedSource can be used for hacking.

One user, for instance, is offering an ebook for $8 on that very topic. Others are offering advice on how to use LeakedSource as a way to hack a social media account or to dox someone and dump the person’s files online.

“Ever wanted to be an elite hacker and show off?” wrote one user. “Here’s a small tutorial on how to break into a Youtuber’s account using a database looking up tool called: LeakedSource.”

On Monday, LeakedSource declined to answer questions about the legality of the site. The operators behind the service remain anonymous, but they say they don't condone any hacking.

However, as far back as October 2015, LeakedSource appears to have begun promoting itself on When asked about this over email, LeakedSource didn't directly respond.

Instead, the site's operators claim that all the information they store and index is already available on the internet.

"Before people start pointing fingers at us, anyone is free to download well over a billion records from the clear web," LeakedSource said in an email that included links to stolen databases taken from Myspace and LinkedIn.

Legal concerns

The site has also said it's not responsible for any data breaches. It merely collects the stolen databases, often by searching through the Dark Web, or by receiving them from anonymous hackers, LeakedSource has said.

"Many of (the hackers) like what we do, some want to draw publicity to themselves and others don't want their 'enemies' to be able to profit off selling data," it said in an earlier email. 

But even as it may not have been involved in any hacking, legal experts say the site's activities can still be seen as a crime.

Posting stolen passwords on the site can be considered a form of wiretapping, said Susan Freiwald, a law professor at the University of San Francisco. The Electronic Communications Privacy Act prohibits the dissemination of any device that can be used for "surreptitious interception."

She questioned why a site -- that claims to protect users' data -- offers a search function that can crack stolen passwords or look up someone else's information.

"If the whole goal of the site is to warn me, it should never give out my password," she said. "I think this is very suspicious. It doesn't make sense."

The site is essentially making money off of people's stolen data -- and potentially giving hackers a useful way to target victims with what services and user screen names they use, added Christopher Dore, a lawyer with the Edelson law firm.

"They are taking this too far, and monetizing this in a way that's dangerous for consumers," he said. Government regulators, including the Federal Trade Commission, might take notice and want to intervene, he added.

Ongoing risks

Internet users don't necessarily need to panic. Many of the databases stored on LeakedSource are years old and might pertain to internet accounts they no longer in use.

For example, the LinkedIn database on file comes from 2012, and the company has already reset the stolen passwords affected. In other cases, the databases on file only contain hashed passwords that are almost impossible to crack. 

But even so, that doesn't mean the stolen data is useless. The biggest danger is that less tech-savvy users are re-using the same passwords across multiple internet accounts and forgetting to change them. 

Internet users concerned with their privacy appear to be alarmed. After LeakedSource became widely publicized in the media, it was overwhelmed with user requests, wanting their information to be taken down from the site. 

"Our Contact form volume has increased by a multiple of 100 from removal requests and we are unable to read other potentially important messages," LeakedSource said at the time. 

Users can still remove themselves from the LeakedSource site by visiting the site's removal page.

When warning the public about data breaches, there's a danger of posting too much information, said Troy Hunt, an Australian software architect who runs a breach monitoring service called His site routinely collects new databases as well.

Unlike LeakedSource, however, his site doesn't offer any paid search to look up passwords, and for good reason. "As much as there’s potential to improve the state of online security, there’s also the risk of making it worse," he said in an email.

His own site continues to evolve, to prevent Haveibeenpwned from revealing sensitive details on users. 

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?