Dark Web News

Top 5 Data Leak Sites on the Dark Web in 2024

Top 5 Data Leak Sites on the Dark Web in 2024

Within the shadowy corners of the dark web lies a significant threat to individuals and organizations —  dark web forums. These forums act as platforms typically used for various malicious content, including malware, hacking kits, and most relevant to this article, data leaks. Data leaks can contain any type of compromised data, from personally identifiable information (PII) and login credentials, such as emails and passwords, to credit card numbers and CVVs. This leaked information often leads to severe consequences like account takeover (ATO), identity theft, ransomware attacks, social engineering attacks, and even corporate espionage.

Today, we’ll rank the top 5 data leak websites on the dark web in 2024, exposing the forums where cybercriminals gather and sell compromised data.

BreachForums logo

#1. BreachForums

  • Launch date: March 2022
  • Main language: English
  • # of threads in “Database” section: 5,345

BreachForums is one of the most popular dark web forums. The site was recently seized by the FBI and its partners in an international operation, and re-emerged only weeks later on the Tor network.

BreachForums boasts nearly 40K total threads and over 150K members at the time of writing. This forum is known for its vast collection of information obtained from high-profile data breaches targeting both governments and private companies. The forum features a “Databases” section containing over 900 distinct, supposedly official datasets, encompassing more than 15 billion records. One of the most recent additions to this section is a database allegedly from Gov.UK, potentially affecting over 1 million users.

Screenshot of a forum post where a threat actor claims they’ve extracted usernames and passwords for more than one million users of a UK.gov database.
Screenshot of a forum post where a threat actor claims they’ve extracted usernames and passwords for more than one million users of a UK.gov database.
 LeakBase logo

#2. LeakBase

  • Launch date: January 2023
  • Main language: English
  • # of threads in “Big Database Leaks” section: 1,200

LeakBase is a relatively new forum, active since January 2023. It gained popularity as an alternative for stolen databases and leaked personally identifiable information (PII) when BreachForums went through significant disruptions. With nearly 18K threads and over 60K members, the forum is free to join. Members can upgrade their subscription to the VIP section or GoldPack Membership for access to exclusive content offered by the forum administrators. This content includes large databases and combolists, sourced globally, from both the private and government sectors.

Screenshot of a threat actor claiming to have leaked the Database of Cmesociety.com with over 11 million lines.
Screenshot of a threat actor claiming to have leaked the Database of Cmesociety.com with over 11 million lines.
Nulled logo

#3. Nulled

  • Launch date: March 2015
  • Main language: English
  • # of threads in “Dumps / Databases” section: 12,240

Active since 2015, the notorious English-language forum Nulled has become a haven for cybercriminals on the dark web. It offers a vast collection of illegal content, including stolen data, compromised identities, and financial information like credit card details. Despite not holding the same prestige as BreachForums, Nulled thrives on its popularity. Boasting over 12K threads in its “Dump / Databases” section alone, the forum explodes with activity across other categories like “Accounts,” “Source Codes,” and “Other Leaks,” containing tens of thousands of threads.

Screenshot of a forum post in which a threat actor is allegedly selling JPMORGAN Bank Leads that contain various personal information for each user, such as name, phone number, email address, and date of birth.
Screenshot of a forum post in which a threat actor is allegedly selling JPMORGAN Bank Leads that contain various personal information for each user, such as name, phone number, email address, and date of birth.
Exploit logo

#4. Exploit

  • Launch date: February 2005
  • Main language: Russian
  • # of threads in “Bases and Leaks” section: 13,377

Exploit is a long-standing Russian cybercriminal forum established in 2005. With over 62K registered members, it’s a central hub for cybercriminals. The forum is notorious for its sophisticated ‘Initial Access Brokers’ section, where criminals buy and sell access to compromised systems. It also harbors a massive ‘Bases and Leaks’ section with over 13K threads containing stolen databases, information dumps, and leaked data from global organizations.

Screenshot showing a threat actor claiming to have leaked a Tappware.com database containing millions of records.
Screenshot showing a threat actor claiming to have leaked a Tappware.com database containing millions of records.
XSS logo

#5. XSS

  • Launch date: September 2018
  • Main language: Russian
  • # of threads in “Marketplace -> ACCESS”: 5,600

XSS is a highly professional Russian-speaking dark web forum established in 2018. It boasts over 46K registered users and is popular for its sections on leaked databases, custom malware, hacking tools, vulnerabilities, and zero days that threat actors discovered. Originally known as DaMaGeLab, the forum rebranded as XSS in 2018. One of its most prominent subsections, “ACCESS,” features 5,600 threads where users can buy and sell access to compromised corporate and organizational systems, as well as entire databases breached by threat actors globally.

Screenshot that shows a  known threat actor on XSS selling global, cross-sector databases.
Screenshot that shows a known threat actor on XSS selling global, cross-sector databases.

Data leak sites constantly change — why you need to monitor the dark web

Security professionals work hard every day to monitor external threats on the dark web. However, tracking leaked data on these sites is a constant challenge because when a dark web forum goes down, it quickly reappears on another domain, or a new one pops up to take its place. Monitoring these sites provides access to massive volumes of leaked information that threat actors use for various illegal activities, targeting private and public organizations. Organizations must constantly monitor the dark web to help guard against the threats that leak sites pose. They need to proactively defend against threats as they emerge instead of reacting after the damage is already done. 

To that end, we’ve developed Lunar, a deep and dark web monitoring tool featuring alerts and powerful searches that can help you detect cyber threats such as leaked data on the dark web and infected devices with stealer logs. The tool also lets you get a 360-degree view of a breach before data is leaked. With Lunar, you can proactively take action to stop the flow of data leaks before it’s too late.    
If you’d like to learn more about Lunar, talk to one of our experts.

Dan Tsabari
Dan Tsabari

Threat Intelligence Analyst

Spread the News

Not subscribed to our Dark Web Pulse updates?

By submitting you agree to Webz.io's Privacy Policy and further marketing communications.

Feed Your Machines the Data They Need

Feed Your Machines the Data They Need

GET STARTED

Don't be the last one to know!

Chances are your compromised data is already traded on the dark web.
Ready to discover them and protect your business?

Subscribe to our newsletter for more news and updates!

Ready to Explore Web Data at Scale?

Speak with a data expert to learn more about Webz.io’s solutions
Create your API account and get instant access to millions of web sources