PSA: LiveJournal data breach
May. 26th, 2020 02:53 pmIt's been fairly obvious for a while, but there's now convincing evidence that LiveJournal had a major data breach in 2014 (though LJ is still not admitting to it). Not just passwords, but email addresses as well. So you need to assume that bad guys have the ability to find any secret alt journals that share email addresses.
Also, they have access to any other sites that repeat the email address / password combination you used for your LJ(s) any time up to 2014. Which for many people includes DW and this is probably the reason why there has been such a spate of spammers taking over abandoned LJ import journals here.
If you really have to comment to tell me how you never reuse passwords, I suppose I can't stop you, but I don't think that kind of infosec smugness really helps here. Well done, you are l33t. For the rest of us mere mortals, this might be worth knowing. And perhaps some of your friends are not as amazingly careful with their internet security as you are; don't assume bad actors can't figure out your secret anony blogs from your social graph, or read your locked entries via a breached account that has access.
Thanks to![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
sorcyress for the heads-up.
Also, they have access to any other sites that repeat the email address / password combination you used for your LJ(s) any time up to 2014. Which for many people includes DW and this is probably the reason why there has been such a spate of spammers taking over abandoned LJ import journals here.
If you really have to comment to tell me how you never reuse passwords, I suppose I can't stop you, but I don't think that kind of infosec smugness really helps here. Well done, you are l33t. For the rest of us mere mortals, this might be worth knowing. And perhaps some of your friends are not as amazingly careful with their internet security as you are; don't assume bad actors can't figure out your secret anony blogs from your social graph, or read your locked entries via a breached account that has access.
Thanks to
sorcyress for the heads-up.