A leak-site is a public webpage used by threat actors to post victim names, sample stolen files, or other claims of compromise. Its purpose is usually coercion: by making an alleged breach visible, attackers increase pressure on the target to pay, negotiate, or panic. In extortion campaigns, the site may advertise “proof” even when the underlying incident is not yet confirmed.
Leak-sites matter because they are both an attack tool and an intelligence source. Defenders monitor them to spot possible compromise, but a listing is not forensic evidence by itself; it may be incomplete, exaggerated, or misattributed. When a victim appears on a leak-site, security teams should verify access logs, check for data exfiltration, review cloud and identity controls, and rotate exposed credentials if needed. The practical lesson is simple: treat leak-site posts as a serious signal, but confirm the facts before drawing conclusions.