LiveJournal, a fairly popular social networking site created in 1999, has now fallen into the scandals of data breach and credentials leak. Many users and researchers have found the database of over 33 million records belonging to LiveJournal users, is being shared in several dark web forums and even on Telegram! This was expected to obtain from a breach in 2014, and been circulating since 2018!

Since 2014

LiveJournal is a classic networking site even before Facebook. This social and blogging platform was painted to suffer a data breach back in 2014 but never confirmed officially. Yet, there are rumors again that the stolen database from 2014 was traded in hacking forums on the dark web. And now, many are acknowledging this breach to be real, as the database is circulating online for free!

Database of 26 Million User Records Leaked Online
Database of 26 Million User Records Leaked Online

Many cybersecurity researchers and few users even have found LiveJournal’s stolen database containing 33+ million records online. It was shared across many hacking forums, underground groups, and even on Telegram! After filtering the database by removing duplicates, the actual records count up to 26.3 million unique user records. It contains usernames, passwords, email addresses, and profile URLs. Though the passwords are first encrypted with MD5 hashes, they’re now converted to plaintext.

LiveJournal Denies!

Though many have seen and even verified some of the records to be true, LiveJournal denies acknowledgment of breach. On the other hand, Dreamwidth Studios, a fork from LiveJournal years ago, has just reported being experiencing credential stuffing attacks. As both the LiveJournal and Dreamwidth shares the same code infrastructure, it’s possible that credentials stolen from LiveJournal can be used on Dreamwidth platform.

Further, Troy Hunt from HaveIBeenPwnd has responded from many reports and added the breached database to his HIBP site. Thus, any LiveJournal user thinking of being compromised can check their status in HaveIBeenPwnd site with their login email. And if found to be compromised, change the credentials right away.

Via: ZDNet | BleepingComputer


Please enter your comment!
Please enter your name here