Popular blogging platform LiveJournal has come under fire following the discovery of a database containing credentials of its 26 million users being sold and shared online.
According to SC Magazine, the entire database, which contains email addresses, usernames, profile URLs, and plaintext passwords of millions of LiveJournal users, was up for sale on the dark web for as little as $35.
However, since as early as July 2019, the data dump has also been widely available for free download in Telegram channels and on other file-sharing portals.
Originally, the leaked data was believed to have originated from a 2014 breach. However, Have I Been Pwned’s Troy Hunt thinks the event took place in 2017, saying that was the year indicated in the data dump’s file name.
For years, rumors about a LiveJournal security breach have been circulating online, with the earliest recorded in 2018, when multiple LiveJournal users claimed to have received sextortion spam emails quoting their passwords.
Only recently, Dreamwidth, a blogging platform based on the LiveJournal codebase, revealed it had also been targeted by spam extortion emails demanding a Bitcoin ransom. One of the platform’s owners, Denise Paolucci, also revealed that the data dump has been available on the black market since October of 2018.
“Beginning in March of 2020, and again in May of 2020, we saw several instances of Dreamwidth accounts being broken into and used for spam. We believed at the time, and continue to believe, that the source of the password information being used to break into these accounts is the same black-market file that claims to be LiveJournal password data. Every user we asked whether they had used the compromised password on LiveJournal before confirmed that they had,” she explained in a blog post.
“We have no way to tell for sure whether LiveJournal has actually had a data breach, or whether the file that’s circulating is real or fake. All we can say for certain is that none of the evidence we’ve seen has disproven the claim made by the people offering the file that the file contains usernames and passwords taken from LiveJournal.”
According to Paolucci, Dreamwidth has reached out to LiveJournal about its findings several times in the past.
“We’ve contacted LiveJournal about our findings several times, and they’ve told us each time that they don’t believe the situation warrants disclosure to their users. However, at this point we must advise that you treat the file as legitimate and behave as though any password you used on LiveJournal in the past may be compromised,” she added.