A leak portal is a public extortion website used by ransomware or data-theft groups to name alleged victims and sometimes publish stolen files, screenshots, or samples. The goal is to create pressure: once a company is listed, customers, partners, and the press may assume a breach is real, even before the evidence is verified.
Leak portals matter because they are part of double-extortion tactics. Attackers use them to threaten exposure if payment is not made, or to prove they can access data. For defenders, a listing is not proof of compromise, but it is a strong incident-response cue. Security teams should preserve logs, check authentication and remote-access activity, review unusual data transfers, and validate backups while investigating whether the claim is genuine.