![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Scammers have gained access to a list of Livejournal usernames and passwords. I'm not sure how long ago the breach was, but your best bet is to change your password now. Also, if you used that password anywhere else, change your password there as well and if possible check those accounts for signs of compromise. (Change them all to *different* passwords. Use a password manager such as 1Password or Firefox's built-in password manager, or just memorize them and write the less important ones down in a physical notebook.)
Source: People (including myself) are receiving scam emails with some bullshit claim about having installed malware, giving an email address and password as proof. They're using emails and passwords from compromised sites, such as Last.fm, LinkedIn, and now Livejournal. LJ was not known to be compromised, but it's not at all a surprise to me. Other sources:
- https://bifurious.co.uk/livejournal-compromised-in-more-ways-than-one/
- https://siderea.dreamwidth.org/1453052.html
- https://dw-news.dreamwidth.org/38612.html (doesn't name LJ, but you know it)
- https://www.livejournal.com/support/request/?id=2085067 (has since been locked down, although I archived it first and have since been in touch with that user)
You can sign up for https://haveibeenpwned.com/ to keep abreast of further password database breaches (and other leaks of your personal information) although Troy hasn't yet posted about this one, probably since the leaked DB hasn't yet made its way into his hands.
(There is not yet evidence that anyone has used the passwords to log into LJ and scrape your post and comment history and the posts and comments of your friends, but it could happen. If you have abandoned LJ but have *not* wiped out all your posts and unfriended everyone, please go ahead and change your password anyway to protect your friends.)
Update 2018-10-09: I can confirm that the breach happened on or before 2017-04-27. In that first link, a commenter narrows it down to the 2011–2014 window.
Update 2020-05-08: Spammers started using the dump to take over DW accounts and advertise their sites: https://dw-maintenance.dreamwidth.org/81865.html
Source: People (including myself) are receiving scam emails with some bullshit claim about having installed malware, giving an email address and password as proof. They're using emails and passwords from compromised sites, such as Last.fm, LinkedIn, and now Livejournal. LJ was not known to be compromised, but it's not at all a surprise to me. Other sources:
- https://bifurious.co.uk/livejournal-compromised-in-more-ways-than-one/
- https://siderea.dreamwidth.org/1453052.html
- https://dw-news.dreamwidth.org/38612.html (doesn't name LJ, but you know it)
- https://www.livejournal.com/support/request/?id=2085067 (has since been locked down, although I archived it first and have since been in touch with that user)
You can sign up for https://haveibeenpwned.com/ to keep abreast of further password database breaches (and other leaks of your personal information) although Troy hasn't yet posted about this one, probably since the leaked DB hasn't yet made its way into his hands.
(There is not yet evidence that anyone has used the passwords to log into LJ and scrape your post and comment history and the posts and comments of your friends, but it could happen. If you have abandoned LJ but have *not* wiped out all your posts and unfriended everyone, please go ahead and change your password anyway to protect your friends.)
Update 2018-10-09: I can confirm that the breach happened on or before 2017-04-27. In that first link, a commenter narrows it down to the 2011–2014 window.
Update 2020-05-08: Spammers started using the dump to take over DW accounts and advertise their sites: https://dw-maintenance.dreamwidth.org/81865.html
