2 min read

26 million LiveJournal users warned that their passwords have been breached

Graham CLULEY

May 27, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
26 million LiveJournal users warned that their passwords have been breached

On underground criminal marketplaces the email addresses and plaintext passwords of over 26 million LiveJournal blogging accounts are being traded, despite LiveJournal’s owners refusing to acknowledge that any security breach has occurred.

The first rumours of a major security incident involving LiveJournal passwords first began bubbling up in October 2018, when data breach expert Troy Hunt tweeted that he had received multiple reports of a compromise after users complained they had received sextortion emails quoting passwords they said they only used on the platform.

At the same time Dreamwidth, a blogging platform forked from LiveJournal’s code, warned that it had also received reports of spam extortion emails demanding a Bitcoin ransom.

Dreamwidth said then that it did not believe that its own site was the source of the data breach which fuelled the emails, and declined to name the site in question “because they haven’t made a public announcement confirming the breach.”

Yesterday, however, Dreamwidth publicly named LiveJournal as the likely source of the hacked data. Worryingly, according to Dreamwidth, LiveJournal does not seem inclined to tell its users of the breach.

“We’ve contacted LiveJournal about our findings several times, and they’ve told us each time that they don’t believe the situation warrants disclosure to their users. However, at this point we must advise that you treat the file as legitimate and behave as though any password you used on LiveJournal in the past may be compromised.”

Dreamwidth says that it has in the past been the victim of credential-stuffing attacks, seemingly powered by the usernames and passwords stolen from LiveJournal.

Troy Hunt’s HaveIBeenPwned service has a copy of the breached data, and earlier today an alert was sent out to the owners of 26,372,781 LiveJournal accounts that those passwords should be considered compromised.

Clearly, it would be advisable for affected users to not only change their LiveJournal password, but also ensure that they are not reusing that same password anywhere else on the internet.

The actual password database itself seems to have been created some years ago, so there’s some hope that some users will have changed their passwords over the years anyway. But better to be safe than sorry.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read