Security News > 2020 > May > Account credentials of 26+ million LiveJournal users leaked online

Account credentials of 26+ million LiveJournal users leaked online
2020-05-27 12:28

A data dump containing account information of over 26 million LiveJournal users has been offered for sale on dark web marketplaces and is now being shared for free on underground hacker forums.

The data dump, supposedly originating from a 2014 LiveJournal breach, contains email addresses, usernames, profile URLs and plain text passwords of 33+ million users.

"Beginning in March of 2020, and again in May of 2020, we saw several instances of Dreamwidth accounts being broken into and used for spam. We believed at the time, and continue to believe, that the source of the password information being used to break into these accounts is the same black-market file that claims to be LiveJournal password data. Every user we asked whether they had used the compromised password on LiveJournal before confirmed that they had," she explained.

"We have no way to tell for sure whether LiveJournal has actually had a data breach, or whether the file that's circulating is real or fake. All we can say for certain is that none of the evidence we've seen has disproven the claim made by the people offering the file that the file contains usernames and passwords taken from LiveJournal. We've contacted LiveJournal about our findings several times, and they've told us each time that they don't believe the situation warrants disclosure to their users. However, at this point we must advise that you treat the file as legitimate and behave as though any password you used on LiveJournal in the past may be compromised."

Past and current LiveJournal users are advised to change their passwords to a new, long and unique one and to do the same on any other account where they used the same one.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/kc80b1mQ1_8/