The online blogging site, LiveJournal, suffered a data breach in 2014 that has just recently been confirmed. Rumors of the stolen data cache seen on criminal forums started in 2018, but nothing was verified until recently. DreamWidth, a site that is a spinoff of LiveJournal and uses the same codebase, has been targeted with credential stuffing attacks over the past few months. Even with all the signs pointing toward a breach, the Rambler Group, who is the parent company of LiveJournal did not confirm the accusations. Everything seemed a little unclear until Have I Been Pwned (HIBP) confirmed that they’d received a copy of the data and it had been indexed on their website. While it was initially reported that nearly 33 million records were included, after duplicates were removed it turned out to be around 26 million. A collaborative effort between ZDNet and KELA revealed that the data had been passed between criminal groups many times for a number of years. It was initially traded between threat actors and then it found its way onto a Darkweb marketplace. A few weeks ago it showed up as a free download on a well-known hacking forum. The Rambler Group has been contacted for comment, but they have yet to provide insight about the situation.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in