![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Likely LiveJournal password compromise
May. 27th, 2020 06:29 amYou likely got an email, but just in case...Read more here
PSA: Likely LiveJournal password compromise
Have I Been Pwned?, the notification service for password breach incidents, has now loaded a file of 26 million accounts containing usernames, email addresses, and passwords that allegedly were taken from LiveJournal at some point several years ago.
The information in this file has been available on the black market since at least October of 2018, when we first reported people getting spam extortion emails with passwords in them. Our investigation at the time showed that we were not the likely source of the password data in those extortion emails, and that the likely source was a breach from LiveJournal.
Beginning in March of 2020, and again in May of 2020, we saw several instances of Dreamwidth accounts being broken into and used for spam. We believed at the time, and continue to believe, that the source of the password information being used to break into these accounts is the same black-market file that claims to be LiveJournal password data. Every user we asked whether they had used the compromised password on LiveJournal before confirmed that they had. Read more here...
PSA: Likely LiveJournal password compromise
Have I Been Pwned?, the notification service for password breach incidents, has now loaded a file of 26 million accounts containing usernames, email addresses, and passwords that allegedly were taken from LiveJournal at some point several years ago.
The information in this file has been available on the black market since at least October of 2018, when we first reported people getting spam extortion emails with passwords in them. Our investigation at the time showed that we were not the likely source of the password data in those extortion emails, and that the likely source was a breach from LiveJournal.
Beginning in March of 2020, and again in May of 2020, we saw several instances of Dreamwidth accounts being broken into and used for spam. We believed at the time, and continue to believe, that the source of the password information being used to break into these accounts is the same black-market file that claims to be LiveJournal password data. Every user we asked whether they had used the compromised password on LiveJournal before confirmed that they had. Read more here...
