NEW: Blogging platform LiveJournal appears to have suffered a security breach in 2014

-26M LiveJournal credentials are being sold on the dark web, shared on hacking forums
-Rumors of a breach started circulating in 2018, but LJ never formally confirmed

https://www.zdnet.com/article/26-million-livejournal-credentials-leaked-online-sold-on-the-dark-web/

The LiveJournal data has been abused for years, even if LiveJournal never confirmed the 2014 security incident.

Here's an email sextortion campaign abusing the LJ data https://twitter.com/wigsofoz/status/1053125480537149440

Here's blogging platform DreamWidth confirming credential stuffing attacks carried out with old LiveJournal credentials. Attacks are still ongoing. https://twitter.com/rahaeli/status/1265316773508927488

LiveJournal data has ben traded in private circles for months.

At the start of the month it began leaking in the regular places.

Here's an ad on the dark web. The whole database sold for only $35

Also on Raid.... because everything's on Raid these days.

The passwords were original stored in MD5, but they've been cracked ages ago and are now being provided in their plaintext versions.

Earlier today, the LiveJournal data was added to HIBP, so you can use it to check if your old 2014 creds have been leaked https://twitter.com/haveibeenpwned/status/1265407243454779394