Hackers share database containing passwords and personal data from 26 MILLION LiveJournal for free on dark web forum
- The databases allegedly contain millions of unique LiveJournal accounts
- In them are passwords, email addresses, usernames, and more
- LiveJournal has yet to publicly acknowledge the breach
- Other blogging platforms say they’ve been the target of attacks as a result of compromised information
A compilation of hacked LiveJournal accounts containing millions of people’s passwords and other personal information is circulating on hacker forums for free.
According to Bleeping Computer, databases allegedly containing stolen data from more than 33 million unique LiveJournal accounts have circulated on several hacker forums over the past month.
Forums like the one pictured are offering access to a data set that allegedly contains millions of unique accounts from LiveJournal, including passwords and email addresses
Posts sharing links to the accounts – which are being offered for free – say the collection includes email addresses, usernames, profile URLs, and passwords.
While the passwords were initially encrypted with MD5 – an easily decipherable form of encryption – the database is offering passwords in plaintext, meaning there’s no decryption required.
Security Researcher Troy Hunt, who runs the website HaveIBeenPwned, has added the compromised emails to his searchable database so that anyone worried they’ve been included in the breach can verify.
Hunt dated the breach to 2017 meaning many of the passwords could already be defunct by now.
Despite the massive number of users breached, LiveJournal has yet to acknowledge that it was at the center of any attack.
Those breached accounts have reportedly been used by hackers to try and access other sites similar to LiveJournal.
Dreamwidth studios, which is a blogging platform for artists, told Hunt in a tweet that LiveJournal accounts had been used in what’s known as ‘credential stuffing’ attacks that attempt to use compromised data to break into victims’ accounts.
Some users of Dreamwidth say that they’ve been the center of extortion scams, in which scammers use old LiveJournal passwords to convince targets that they’d been ‘caught watching porn on camera.’
While the passwords and other information contained in the breach are likely several years old, people re-using old passwords could still be compromised by the database.