The Infamous LiveJournal Breach Aided Cybercriminals in Credential Stuffing Attacks for Years

Although data breaches can look the same from afar, they are more like snowflakes: unique and pretty much unpredictable every time. Some are big, and some are small. Some are discovered right away, and others are revealed months or even years later. Some are managed soundly, and others are ignored completely. The infamous LiveJournal breach is certainly unique for several reasons. First, it was kept under wraps for six years. Second, it led to successful sextortion and credential stuffing attacks. Finally, those responsible for the security of LiveJournal users have adamantly refused to take any responsibility. Hopefully, if you were affected by the LiveJournal breach, you have already changed the affected passwords. If you have not done that yet, continue reading to learn why doing that is crucial.
2014: LiveJournal data breach
It is believed that the LiveJournal breach occurred at some point in 2014. It is impossible to know all of the details pertaining to the incident, given that LiveJournal – or Rambler Media Group, more specifically – has not shared much. According to the research conducted by ZDNet, 26.3 million unique passwords, email addresses, and usernames have been leaked, which is a major data breach by anyone’s standards. It appears that when the data was leaked initially, the passwords were hashed with MD5, and we have already discussed how weak this form of password protection is. It is outdated and no longer up to the standards. Of course, back in 2014, this was not an issue. What is an issue is that the LiveJournal breach was not reported.
For years after the breach, files with passwords in plain text and the matching usernames and email addresses were floating around. At first, these files were quietly shared among hackers on underground forums. Eventually, the data was shared so many times that its value decreased to a mere $35. Finally, it got leaked online, and files containing the leaked credentials were found flowing through Telegram channels and the dark web for free. This is when it became clear that a major data breach had occurred, but we are getting ahead of ourselves here.
2018: LiveJournal users report receiving sextortion emails
Before it became evident that a massive LiveJournal breach had occurred, LiveJournal users were subjected to scary sextortion scam emails. Using the leaked credentials, schemers were able to create fake messages claiming that video recordings of the recipients viewing pornographic content or engaging in other similar activities had been made. To convince these recipients that the claims were true, schemers included the breached passwords. This was meant to convince them that private and sensitive data, as well as access to the connected web camera, was accessible to the attackers. Of course, that was just a lie.
Unfortunately, sextortion scams are pretty lucrative, and according to a recent report, schemers involved in them can make up to $100,000 per month. Needless to say, this is not the kind of money that criminals would ever pass up, especially when not much effort needs to be put into creating believable sextortion scams. In the future, if you ever receive an email that is meant to intimidate you with the help of some breached data (whether it is old or in use), do not pay attention to the demands. Instead, focus on changing your passwords and strengthening the security of your accounts and the devices you use.
2019: Passwords are leaked publicly
Finally, we get to 2019, which is when the passwords leaked during the LiveJournal breach surfaced. This is when pretty much anyone with the right accounts on the right platforms could get their hands on the files containing passwords in plain text. What happened next? Credential stuffing attacks started coming from left and right. Dreamwidth – which is a blogging platform created using the LiveJournal codebase – started reporting recurring attacks and even warned LiveJournal about it.
So, what is credential stuffing? It is a form of cyberattack that involves trying multiple combinations of passwords and usernames to gain account access. To make the process smooth and efficient, attackers often employ botnets, which allows them to try multiple combinations at once. Basically, it is an attempt to hijack your accounts using leaked data. That is only possible if you recycle passwords, which, unfortunately, is still a huge issue. In 2019, the extent of password recycling was estimated at 72%, which is shocking.
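For site operators, the pattern described above is visible in login logs. The following is an added example, not code from LiveJournal, Dreamwidth or ZDNet: it separates credential stuffing (many accounts, about one try each) from brute force, and adds a site-wide check for the botnet case where every address makes only one attempt. The event format, function names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample login events: (epoch_seconds, source_ip, username, success).
# Addresses come from the RFC 5737 documentation ranges.
EVENTS = (
    # One source walking a leaked list: a different account on every attempt.
    [(1000 + i, "203.0.113.7", f"user{i:02d}", i == 4) for i in range(8)]
    # One source guessing many passwords for a single account (brute force).
    + [(1000 + i, "198.51.100.9", "alice", False) for i in range(8)]
    # A normal user who mistypes once, then logs in.
    + [(1003, "192.0.2.20", "bob", False), (1010, "192.0.2.20", "bob", True)]
    # Botnet: ten sources, one attempt each, ten different accounts.
    + [(1020 + i, f"198.51.100.{100 + i}", f"acct{i:02d}", False) for i in range(10)]
)

def classify_sources(events, min_attempts=5, spread=0.8):
    """Label each source IP by the shape of its login attempts."""
    users, attempts = defaultdict(set), defaultdict(int)
    for _, ip, user, _ in events:
        users[ip].add(user)
        attempts[ip] += 1
    labels = {}
    for ip, n in attempts.items():
        if n < min_attempts:
            labels[ip] = "normal"
        elif len(users[ip]) / n >= spread:
            labels[ip] = "credential_stuffing"  # many accounts, about one try each
        else:
            labels[ip] = "brute_force"          # many tries on few accounts
    return labels

def distributed_stuffing(events, window=60, min_failed_accounts=10, max_tries=2):
    """Site-wide check that still works when attempts are spread over many IPs.

    Returns the start of each time window in which at least min_failed_accounts
    distinct accounts failed to log in with no more than max_tries attempts each.
    """
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, _, user, ok in events:
        if not ok:
            buckets[ts - ts % window][user] += 1
    return sorted(
        start for start, fails in buckets.items()
        if sum(1 for c in fails.values() if c <= max_tries) >= min_failed_accounts
    )

if __name__ == "__main__":
    print(classify_sources(EVENTS))
    print(distributed_stuffing(EVENTS))
```

On the sample data the per-source check labels every botnet address as normal, and only the site-wide window flags that traffic, which is why the two checks are run together.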
2020: LiveJournal does not take the blame
As ZDNet reported, LiveJournal did not take any responsibility for the breach. In fact, this is what their official statement suggested: “We analyzed data appeared and can say that the data may be compiled using different sources and mostly falsified.” This kind of negligence has certainly put millions of people at risk, and while many might have changed passwords since 2014, there are bound to be some people who continue to log in using stolen credentials. Some of them might have had their accounts hijacked due to it.
While changing LiveJournal passwords is important after the 2014 LiveJournal breach, it might not be enough to protect yourself against hackers that are conducting credential stuffing attacks. All duplicated passwords MUST be changed immediately as well. In fact, we suggest taking this opportunity to make all of your passwords unique because you do not want to become a victim of credential stuffing in the future just because you failed to think of unique and strong passwords. That said, thinking of unique and strong passwords is easier said than done, and our recommendation is that you employ a password manager to help you with the task.
Cyclonis Passwords Manager can generate unique passwords for every account that you own, and it certainly can help you replace a breached LiveJournal password too. Furthermore, it can lock your passwords in a secure vault to keep them safe against other kinds of cyber threats that are created to steal and misuse passwords. Once you take care of your own accounts, do not forget to share the importance of changing passwords with your blogger friends, and also inform them about what credential stuffing is.