Security News > 2020 > May > How user credentials from LiveJournal wound up on the Dark Web
Hackers are trying to sell 26 million LiveJournal account credentials following a reported data breach that happened years ago.
Following the theft of LiveJournal's user database, multiple ads were posted by Dark Web data brokers, according to ZDNet.
In light of the leak of LiveJournal user credentials, especially plain text passwords, what did the Rambler Group and LiveJournal do, or fail to do, to protect the security of its users?
Even worse, Clements said, "LiveJournal apparently didn't follow even the most basic security best practices such as securely hashing users' passwords. This put their users at enormous risk of immediate compromise should there ever be a problem that exposed the LiveJournal database. Attackers can use the cleartext passwords to log in directly to the compromised user's account and try the same password on other services as often people will reuse the same password for many or all their accounts."
"This is completely inexcusable behavior for any organization that is entrusted with data from users. Unless LiveJournal provides a prompt response to this breach and transparent accounting of how it is now conforming to security best practices, I'd encourage any LiveJournal users to abandon the service."
News URL
Related news
- Companies mentioned on the dark web at higher risk for cyber attacks (source)
- Dutch police arrest admin of 'Bohemia/Cannabia' dark web market (source)
- Dutch cops reveal takedown of 'world's largest dark web market' (source)
- Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation (source)
- Finland seizes servers of 'Sipultie' dark web drugs market (source)
- Dark web crypto laundering kingpin sentenced to 12.5 years in prison (source)