The Infamous LiveJournal Breach Aided Cybercriminals in Credential Stuffing Attacks for Years

Although data breaches can look the same from afar, they are more like snowflakes. Unique and pretty much unpredictable every time. Some are big, and some are small. Some are discovered right away, and others are revealed months or even years later. Some are managed soundly, and others are ignored completely. The infamous LiveJournal breach is certainly unique for several reasons. For one, it was kept under wraps for six years. Second, it led to successful sextortion and credential stuffing attacks. Finally, those responsible for the security of LiveJournal users have adamantly refused to take any responsibility. Hopefully, you have changed the affected passwords if you have become a victim of the LiveJournal breach already. If you have not done that yet, continue reading to learn why doing that is crucial.

2014: LiveJournal data breach

It is believed that the LiveJournal breach occurred at some point in 2014. It is impossible to know all of the details pertaining to the incident, given that LiveJournal – or Rambler Media Group, more specifically – has not shared much. According to the research conducted by ZDNet, 26.3 million unique passwords, email addresses, and usernames have been leaked, which is a major data breach by anyone’s standards. It appears that when the data was leaked initially, it was encrypted with MD5, and we have already discussed how weak this form of encryption is. It is outdated and no longer up to the standards. Of course, back in 2014, this was not an issue. What is an issue is that the LiveJournal breach was not reported.

For years after the breach, files with passwords in plain-text and the matching usernames and email addresses have been floating around. At first, these files were shared amongst hackers on underground forums silently. Eventually, the data was shared so many times that its value decreased to a mere $35. Finally, it got leaked online, and files containing the leaked credentials were found flowing through Telegram channels and the dark web for free. This is when it became clear that a major data breach occurred, but we are getting ahead of ourselves here.

2018: LiveJournal users report receiving sextortion emails

Before it became evident that a massive LiveJournal breach occurred, LiveJournal users were subjected to scary sextortion scam emails. Using the leaked credentials, schemers were able to create fake messages claiming that video recordings of the recipients viewing pornographic content or engaging in other similar activities have been made. To convince these recipients that the claims were true, schemers included the breached passwords. This was meant to convince them that private and sensitive data, as well as access to the connected web camera, was accessible to the attackers. Of course, that was just a lie.

Unfortunately, sextortion scams are pretty lucrative, and according to a recent report, schemers involved in them can make up to $100,000 per month. Needless to say, this is not the kind of money that criminals would ever pass up on, especially when not much effort needs to be put into creating believable sextortion scams. In the future, if you ever receive an email that is meant to intimidate you with the help of some breached data (whether it is old or in use), do not pay attention to the demands. Instead, focus on changing your passwords and strengthening the security of your accounts and the used devices.

2019: Passwords are leaked publicly

Finally, we get to 2019, which is when the passwords leaked during the LiveJournal breach surfaced. This is when pretty much anyone with the right accounts on the right platforms could get their hands onto the files containing passwords in plain text. What happened next? Credentials stuffing attacks started coming from left and right. Dreamwidth – which is a blogging platform created using the LiveJournal codebase – started reporting reoccurring attacks and even warned LiveJournal about it.

So, what is credential stuffing? It is a form of cyberattack that involves trying multiple combinations of passwords and usernames to gain account access. To ensure that the process is smooth and efficient, botnets are often employed, which allows the attackers to guess multiple combinations at once. What is credential stuffing? Basically, it is an attempt to hijack your accounts using leaked data. That is only possible if you recycle passwords, which, unfortunately, is still a huge issue. In 2019, the extent of password recycling was estimated at 72%, which is shocking.

2020: LiveJournal does not take the blame

As ZDNet reported, LiveJournal did not take any responsibility for the breach. In fact, this is what their official statement suggested: “We analyzed data appeared and can say that the data may be compiled using different sources and mostly falsified.This kind of negligence has certainly put millions of people at risk, and while many might have changed passwords since 2014, there are bound to be some people who continue to log in using stolen credentials. Some of them might have had their accounts hijacked due to it.

While changing LiveJournal passwords is important post the 2014 LiveJournal breach, it might not be enough to protect yourself against hackers that are conducting credentials stuffing attacks. All duplicated passwords MUST be changed immediately as well. In fact, we suggest taking this opportunity to make all of your passwords unique because you do not want to become a victim of credential stuffing in the future just because you failed to think of unique and strong passwords. That said, thinking of unique and strong passwords is easier said than done, and our recommendation is that you employ a password manager to help you with the task.

Cyclonis Passwords Manager can generate unique passwords for every account that you own, and it certainly can help you replace a breached LiveJournal password too. Furthermore, it can lock your passwords in a secure vault to keep them safe against other kinds of cyber threats that are created to steal and misuse passwords. Once you take care of your own accounts, do not forget to share the importance of changing passwords with your blogger friends, and also inform them about what credential stuffing is.

By Foley
September 29, 2020
Computer Security
English
September 29, 2020
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

News

SoundCloud Was a Target for Credential Stuffing Attacks Due to the Unlimited Number of Login Attempts

With over 170 million users, SoundCloud is undoubtedly one of the world's largest audio streaming platforms. According to Alexa, it's in the Top 100 most visited websites, which made it a perfect candidate for a good... Read more

February 13, 2020
News

Chegg Disappoints Again: A Third Data Breach in Three Years

On April 28, US education technology company Chegg admitted that it had suffered a data breach. In a letter sent to affected individuals, Dana Jewell, Chegg's Vice President, announced that on April 9, a hacker... Read more

May 4, 2020
How To

How to Prevent Pretexting Attacks

What is Pretexting? Pretexting is some other form of social engineering where hackers attempt to create a good pretext, or a fictional scenario, which they can use to attempt to rob their targets of their private... Read more

August 29, 2019
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.