Threat Watch

2014 Breach of LiveJournal Confirmed; Over 26 Million Records Exposed

The online blogging site LiveJournal suffered a data breach in 2014 that has only recently been confirmed. Rumors that the stolen data cache had been seen on criminal forums started in 2018, but nothing was verified until recently. Dreamwidth, a spinoff of LiveJournal that uses the same codebase, has been targeted with credential stuffing attacks over the past few months. Even with all the signs pointing toward a breach, the Rambler Group, the parent company of LiveJournal, did not confirm the accusations. The situation remained unclear until Have I Been Pwned (HIBP) confirmed that it had received a copy of the data and had indexed it on its website. While it was initially reported that nearly 33 million records were included, the total turned out to be around 26 million after duplicates were removed. A collaborative effort between ZDNet and KELA revealed that the data had been passed between criminal groups many times over a number of years. It was initially traded between threat actors and then found its way onto a dark web marketplace. A few weeks ago it showed up as a free download on a well-known hacking forum. The Rambler Group has been contacted for comment but has yet to provide insight about the situation.

ANALYST NOTES

A situation like this shows that the lifecycle of a data breach can have lasting effects. Users of LiveJournal who think they may have been impacted may want to visit HIBP to check whether their information was included. Any LiveJournal credentials that may have been reused on other platforms should be changed immediately, as the risk of credential stuffing attacks on other sites has increased now that the data is more widely available. Be on the lookout for a comment from the Rambler Group if they decide to provide one.

Source: https://www.zdnet.com/article/26-million-livejournal-credentials-leaked-online-sold-on-the-dark-web/