A database of 26+ million user credentials for the popular blogging site LiveJournal has been found for sale on the dark web and freely traded on hacking forums.
In 2014, LiveJournal suffered a security breach, which compromised 26+ million user credentials. The breach was not reported at the time, and it appears these credentials have been circulating ever since. The entire database has sold for as low as $35 and also been found traded freely.
What is the dark web?
The dark web is similar to the internet we all use, except that it is only accessible with specific software, configurations, and authorizations. In this pocket of the web, stolen data such as the LiveJournal credentials are bought and sold, usually for nefarious use.
What information was compromised in the LiveJournal incident?
- Plain text passwords
If you have or have ever had a LiveJournal account and think your data may have been compromised, follow these steps.
If you are already a Dashlane user, use the dark web monitoring tool to run a dark web scan to see if any of your data landed in the wrong hands. Once you set up Dark Web Monitoring, Dashlane will continually keep an eye out for you, and alert you if any of your data is found.
Not a Dashlane user yet? Download Dashlane today and try Premium free for 90 days.
Why is this only being reported now if the breach occurred in 2014?
Rumors of a LiveJournal leak go back up to two years, according to ZDNet. Two newer developments appear to have catalyzed the current concern about a LiveJournal breach:
- DreamWidth, a blogging platform that shares code and users with LiveJournal, has been under attack from credential stuffing of old LiveJournal logins for several months. Credential stuffing is a type of attack in which hackers use previously stolen passwords in a large-scale, automated attempt to gain access to a different company’s accounts (this common hacking technique is why we recommend every account have its own strong, unique password). DreamWidth has been actively posting about the attacks, dating all the way back to October 2018.
- Have I Been Pwned announced that it received a copy of the LiveJournal user database. The database has been indexed on its site, making it possible for users to check and see if their information was compromised.
Following these reports, ZDNet conducted its own investigation with intelligence firm KELA to verify the breach.
The Rambler Group, the parent company to LiveJournal, has yet to confirm or comment on the breach.
How can I protect myself from credential stuffing?
Unfortunately, credential stuffing is not an uncommon attack. It was only a few weeks ago that we saw half a million Zoom accounts compromised and for sale on the dark web because of credential stuffing. Fortunately, there are some steps you can take to protect yourself.
Never reuse passwords
All your accounts should have unique, strong passwords. This ensures that if one password is compromised, your other accounts stay safe. A strong password has a minimum of 8 characters and includes a mix of uppercase letters, lowercase letters, numbers, and special characters.
Use a password manager
Dashlane has a built-in password generator to help you create strong passwords for new accounts and save them securely, plus in-app security alerts that notify you immediately when you need to change your passwords after a data breach.
Two-factor authentication adds an extra layer of security when logging into accounts for the first time on a new device. Many websites and apps offer this option in their settings. With two-factor authentication, a hacker would need both your password and the second authentication code to actually access your account.
Run a dark web scan
If your data is ever compromised—whether through credential stuffing or other means—a dark web scan will keep you informed. Dashlane’s Dark Web Monitoring scans the web for leaked personal data and sends you alerts so you can take action to protect your accounts.