Security News > 2020 > May > How user credentials from LiveJournal wound up on the Dark Web
Hackers are trying to sell 26 million LiveJournal account credentials following a reported data breach that happened years ago.
Following the theft of LiveJournal's user database, multiple ads were posted by Dark Web data brokers, according to ZDNet.
In light of the leak of LiveJournal user credentials, especially plain text passwords, what did the Rambler Group and LiveJournal do, or fail to do, to protect the security of its users?
Even worse, Clements said, "LiveJournal apparently didn't follow even the most basic security best practices such as securely hashing users' passwords. This put their users at enormous risk of immediate compromise should there ever be a problem that exposed the LiveJournal database. Attackers can use the cleartext passwords to log in directly to the compromised user's account and try the same password on other services as often people will reuse the same password for many or all their accounts."
"This is completely inexcusable behavior for any organization that is entrusted with data from users. Unless LiveJournal provides a prompt response to this breach and transparent accounting of how it is now conforming to security best practices, I'd encourage any LiveJournal users to abandon the service."
News URL
Related news
- Dark web crypto laundering kingpin sentenced to 12.5 years in prison (source)
- What Is the Dark Web? (source)
- What It Costs to Hire a Hacker on the Dark Web (source)
- Russia sentences Hydra dark web market leader to life in prison (source)
- Russia gives life sentence to Hydra dark web kingpin after seizing a ton of drugs (source)
- Scumbag gets 30 years in the clink for running CSAM dark-web chatrooms, abusing kids (source)