Posted on May 28, 2020 at 1:51 PM
Databases that contain details from over 26 million LiveJournal accounts were sold on hacker forums and the Dark Web, as a recent report reveals.
The blogging journal seems to have suffered the breach back in 2014, but the multiple hackers responsible for the hack are now selling their loot on different hacking forums and darknet sites.
There have been rumors about the breach of LiveJournal for the past two years without any security firm or even the blogging journal confirming it.
But in October 2018, several users complained that they were receiving sextortion spam emails and that the spammers were using their old LiveJournal passwords.
One of the users, Aaron Wigley, complained on Twitter about an email he received.
“I’ve received this extortion letter, with an email address I used unique to LiveJournal, and an ancient password,” he said.
Forked LiveJournal blogging site also affected
Dreamwidth, a blogging site created from the LiveJournal codebase, has also seen its fair share of attacks over the past months.
In a series of tweets and blog posts published over the past few weeks, the blogging site said it has been the victim of multiple credential stuffing attacks. The firm said the hackers took advantage of a previous breach and used old usernames and passwords from LiveJournal to compromise Dreamwidth accounts. This was possible because both platforms share the same users and codebase.
LiveJournal has not made a formal announcement or disclosure about the breach, but the Dreamwidth team says it has faced a series of attacks lately.
Different reports on data breach timeline
The hackers have been busy selling the stolen data and sharing it with the data breach notification service Have I Been Pwned, which added a listing about the LiveJournal breach.
The listing shows that the breach occurred in 2017, with 26,372,781 user accounts compromised. The breached accounts contain details such as usernames, passwords, and email addresses.
Another report offered evidence that the breach occurred earlier than 2017. We Leak Info, a former data-leak tracking service, reported in July last year that a data leak containing 33 million LiveJournal accounts occurred in 2014.
Despite the overwhelming evidence that LiveJournal has faced multiple attacks, the developers of the platform, the Rambler Group, have declined to comment or offer a statement about the attack.
Hackers using leaked details to launch attacks
Irrespective of the timeline, it appears that a breach occurred and the hackers have had their loot from LiveJournal for a long time. The attackers have used that information to launch a series of attacks, including email-based extortion and credential stuffing.
LiveJournal database has been around for a long time
Data security firm KELA confirmed that the leaked database of the LiveJournal platform has been available for a long time. The firm said it tracked down some copies of the database on the dark web and other underground hacking platforms.
It said data brokers have posted several ads, where the hackers were looking to buy or sell the database. Some of the ads were out for several months, which suggests that many hackers were aware of the breached LiveJournal data, even when the company did not confirm the 2014 breach. Some of the ads were offering to buy the LiveJournal database from whoever has the details.
Transactions on stolen data were initially done in private
For the 2014 breach, it seems hackers bought and sold the database in private, as it got into the hands of different threat actors such as brute-forcing botnets and spam groups.
However, the data was leaked online after it was traded over and over again. It was only in 2019 that the breached LiveJournal database became public knowledge, when WeLeakInfo announced it.
As trades of the database increased over time, many hackers became aware of it. Even now that the information has circulated widely, the operators of LiveJournal have not officially announced any details about the breach.