2 min read

26 million LiveJournal users warned that their passwords have been breached

Graham CLULEY

May 27, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
26 million LiveJournal users warned that their passwords have been breached

On underground criminal marketplaces the email addresses and plaintext passwords of over 26 million LiveJournal blogging accounts are being traded, despite LiveJournal’s owners refusing to acknowledge that any security breach has occurred.

The first rumours of a major security incident involving LiveJournal passwords first began bubbling up in October 2018, when data breach expert Troy Hunt tweeted that he had received multiple reports of a compromise after users complained they had received sextortion emails quoting passwords they said they only used on the platform.

At the same time Dreamwidth, a blogging platform forked from LiveJournal’s code, warned that it had also received reports of spam extortion emails demanding a Bitcoin ransom.

Dreamwidth said then that it did not believe that its own site was the source of the data breach which fuelled the emails, and declined to name the site in question “because they haven’t made a public announcement confirming the breach.”

Yesterday, however, Dreamwidth publicly named LiveJournal as the likely source of the hacked data. Worryingly, according to Dreamwidth, LiveJournal does not seem inclined to tell its users of the breach.

“We’ve contacted LiveJournal about our findings several times, and they’ve told us each time that they don’t believe the situation warrants disclosure to their users. However, at this point we must advise that you treat the file as legitimate and behave as though any password you used on LiveJournal in the past may be compromised.”

Dreamwidth says that it has in the past been the victim of credential-stuffing attacks, seemingly powered by the usernames and passwords stolen from LiveJournal.

Troy Hunt’s HaveIBeenPwned service has a copy of the breached data, and earlier today an alert was sent out to the owners of 26,372,781 LiveJournal accounts that those passwords should be considered compromised.

Clearly, it would be advisable for affected users to not only change their LiveJournal password, but also ensure that they are not reusing that same password anywhere else on the internet.

The actual password database itself seems to have been created some years ago, so there’s some hope that some users will have changed their passwords over the years anyway. But better to be safe than sorry.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Apple Users Report Seeing Other People's Photos When Using iCloud for Windows Apple Users Report Seeing Other People's Photos When Using iCloud for Windows
Silviu STAHIE

November 25, 2022

1 min read
Hive ransomware has extorted $100 million in 18 months, FBI warns Hive ransomware has extorted $100 million in 18 months, FBI warns
Graham CLULEY

November 23, 2022

2 min read
Some DraftKings Accounts Compromised in Credential Stuffing Attack; Company Promises to Return Lost Funds Some DraftKings Accounts Compromised in Credential Stuffing Attack; Company Promises to Return Lost Funds
Silviu STAHIE

November 22, 2022

1 min read