Multiple hacking forums are currently sharing a database that contains over 26m unique LiveJournal user accounts as well as plain text passwords for free.
Rumors have circulated for some time now that the once hugely popular blogging platform suffered a security breach back in 2014, during which time the account credentials for 33m users were stolen.
Since the beginning of May, links to a data dump that allegedly contains 33,717,787 unique LiveJournal accounts have been available on hacking forums online.
Based on posts sharing links to the database, it contains email addresses, usernames, profile URLs and user passwords that were originally stored as MD5 hashes but were converted to plain text.
While some people believe the information contained in the data dump came from the 2014 security breach, Have I Been Pwned’s Troy Hunt thinks it originated from a breach that took place in 2017 based on its file name (LiveJournal_com_2017_33.7m.txt). The LiveJournal database has now been added to the site’s data breach notification service with additional information on how hackers obtained the user credentials and passwords, which reads:
“In mid-2019, news broke of an alleged LiveJournal data breach. This followed multiple reports of credential abuse against Dreamwidth beginning in 2018, a fork of LiveJournal with a significant crossover in user base. The breach allegedly dates back to 2017 and contains 26M unique usernames and email addresses (both of which have been confirmed to exist on LiveJournal) alongside plain text passwords. An archive of the data was subsequently shared on a popular hacking forum in May 2020 and redistributed broadly.”
LiveJournal has yet to confirm whether a data breach occurred as well as whether or not the database is legitimate.
If you used the company’s blogging platform back in its heyday, you should go check Have I Been Pwned to see if your email address is part of the database and if so, it is recommended that you change your LiveJournal password immediately.