Experts Reaction On 26 Million LiveJournal Credentials Leaked Online

A database containing over 26 million unique LiveJournal user accounts, including plain text passwords, is being shared for free on multiple hacker forums. For some time, rumours have been circulating that LiveJournal was breached in 2014 and account credentials for 33 million users were stolen. Since approximately May 8th, 2020, links to a data dump allegedly containing 33,717,787 unique accounts have been circulating on various hacker forums. The passwords were converted to plain text after initially being stored as MD5 hashes.


EXPERTS COMMENTS
Trevor Morgan, Product Manager, comforte AG
May 29, 2020
Email addresses, usernames and hashed passwords are valuable information if they fall into the wrong hands, so hackers will target any infrastructure holding critical information, even blogging sites like LiveJournal. While there is no sure-fire way to prevent these hackers from accessing sensitive information, there are solutions that protect the data itself. Although LiveJournal took the steps ....
Robert Ramsden Board, VP EMEA, Securonix
May 28, 2020
Yet again we are seeing private consumer information surfacing on hacking forums. This emphasises the importance of password security, both for businesses and individuals. This manifests on two separate, but crucial, levels. Despite LiveJournal’s efforts to encrypt personally identifiable information (PII), the MD5 hashed passwords were easily converted to plain text. This means that businesses ....
Boris Cipot, Senior Sales Engineer, Synopsys
May 28, 2020
Even as this database dump is potentially in excess of five years old, this situation further supports the importance of password security hygiene. I would urge all LiveJournal users to change their passwords, not only to their LiveJournal accounts, but all accounts with potentially sensitive or personally identifiable information (PII) on a regular basis. Additionally, I strongly recommend agains ....
Chris Hauk, Consumer Privacy Champion, Pixel Privacy
May 28, 2020
It seems as if lately it's "another day, another data breach." Incidents such as this underscore the need for users to only use secure and unique passwords to access websites and other online services. Never use the same password on multiple accounts. Once the bad guys get their hands on information like this, they immediately begin trying other sites and services to attempt to access accounts. ....
Anurag Kahol, CTO, Bitglass
May 28, 2020
It does not take much effort for outsiders to find unsecured databases and access sensitive information. Leaving a database vulnerable can pose major threats to data security, data subject wellbeing, regulatory compliance, and brand reputation. Personal data is precious, and it is imperative that the proper controls are in place to secure it. Even companies with limited IT resources must take full ....
Samantha Humphries, Security Strategist, Exabeam
May 28, 2020
The theft of IDs, passwords and personal details is by far the most common goal for today’s cyber attackers. Vast deposits of valid credentials are gold dust for cybercriminals, as account details are often replicated across multiple platforms and services and can be used for credential stuffing attacks - as we saw recently with the campaign against Zoom. These attacks take advantage of poor p ....
Chris Clements, VP, Cerberus Sentinel
May 28, 2020
The LiveJournal is a case study in security failure from start to finish. The breach has been well known since late 2018 and the dataset suggests it began 4 years earlier in 2014. Even worse, LiveJournal apparently didn’t follow even the most basic security best practices such as securely hashing users’ passwords. This put their users at enormous risk of immediate compromise should there ever ....
Javvad Malik, Security Awareness Advocate, KnowBe4
May 28, 2020
It's important that credentials like passwords are stored in a secure manner. This means using an appropriately strong hash as opposed to MD5. The problem with storing passwords insecurely is that criminals will try to use the email and password combinations to target other services in password stuffing attacks. It is why it's important that users not reuse the same password across multiple site ....
