Blogging Platform LiveJournal Acknowledged Data Breach Affecting 26 Million Users

30/05/2020

LiveJournal is a Russian social networking service where users can keep a blog, journal or diary. It has now been revealed that the platform suffered a massive security breach back in 2014.

Posts on dark web hacking forums show that the hackers selling the 26 million user credentials appear to have been sharing the hacked database since at least October 2018.

The leaked data includes users' usernames, emails, and passwords in plaintext.

Since then, LiveJournal users have reported seeing sextortion email spam campaigns over the years.

In spite of all the evidence supporting the fact that hackers have gained access to a large number of LiveJournal credentials, the Rambler Group, the company that owns LiveJournal, initially declined to formally acknowledge the breach.

With rumors spreading, questions seem to have been answered when Troy Hunt's "Have I Been Pwned" (HIBP) data breach indexing service announced that it had received a copy of the LiveJournal user database and added it to its website.

LiveJournal user credentials being sold on dark web forum

Researchers who tracked the breach found that hackers have been selling the credentials through multiple ads posted by data brokers.

The ads, some going back months, suggest that many threat actors were well aware of the stolen LiveJournal data, despite the company failing to identify the 2014 security breach.

From these ads, it was revealed that after the 2014 intrusion, hackers traded the LiveJournal data in private, with the user database being traded by several threat actors and purchased by buyers such as spam groups and operators of brute-forcing botnets.

Because most transactions took place out of public view, the incident went largely undetected for years.

However, as the data got traded over and over again and fell into even more hands, the news about the incident resurfaced. And this time, it caught more people's attention.

According to reports, the LiveJournal database was listed for sale for the low price of $35 on dark web forums.

And days after being made available on the dark web, the same LiveJournal database was also shared on a well-known hacking forum, from where it began circulating as a free download on some Telegram channels and file-sharing portals.

Approached again for comment, this time after Have I Been Pwned indexed a copy of the leaked database, the Rambler Group finally shed some light on the situation.

The company denied that hackers had gained access to its systems and claimed that the data was merely compiled over the years from different sources. It said:

We constantly maintain monitoring and strive to ensure that our users feel as safe and protected as possible. We analyzed the data that appeared and can say that the data may be compiled using different sources and mostly falsified.

We encountered cases of brute-force attacks in 2011-2012. We have implemented a suspicious activity system to track and block suspicious logins since then, and have improved our password storage mechanics. We have developed all of the necessary protocols for unauthorized account usage attempts.

We alert our users regularly to the necessity of updating their password. We have disabled passwords that were not updated for an extended period of time. Users experiencing troubles accessing their accounts can submit a support request to get assistance.