Who is attacking livejournal

The Kremlin has not commented on the accusations, while Nashi spokeswoman Kristina Potupchik said by telephone Tuesday that they were "some person's groundless assumptions. Your donation to The Moscow Times directly supports the last independent English-language news source within Russia.

Support The Moscow Times! Contribute today. By Alexandra Odynova. Read more. Contribute today Maybe later. While a breach was never confirmed at the time, rumors didn't stop either. For the past months, DreamWidth, a blogging platform forked from the old LiveJournal codebase has also been under assault. In a series of blog posts and tweets published over the past weeks, DreamWidth says it has been targeted by multiple credential stuffing attacks.

The company says hackers used old LiveJournal username and password combinations to breach DreamWidth accounts -- since the two platforms share the same codebase and users -- and post spam messages on its site. LJ hasn't made a formal disclosure or announcement, but we at dreamwidth have been seeing credential stuffing attacks we have a lot of overlap with LJ increase greatly lately.

I'm emailing you with what we've found! But in spite of all the evidence supporting the fact that hackers have gained access to a large number of LiveJournal credentials, the Rambler Group, the company which owns LiveJournal, has declined to formally acknowledge a breach in its previous communications with DreamWidth administrators.

However, earlier today, these rumors appear to have been confirmed when the Have I Been Pwned HIBP data breach indexing service announced that it received a copy of the LiveJournal user database and indexed it on its website.

With the help of threat intelligence firm KELA , ZDNet has confirmed the existence of the LiveJournal stolen database and has tracked down copies and mentions of user data in multiple locations across the hacking underground. For starters, we identified multiple ads posted by data brokers. In these ads, hackers were selling or willing to buy the LiveJournal database. The ads, some going back for months, suggest that many threat actors were very much aware of the stolen LiveJournal data, despite the company failing to identify the security breach.

From these ads it appears that after the intrusion, hackers traded the LiveJournal data in private, with the user database making its way through the hands of several threat actors, such as spam groups and brute-forcing botnets. However, as the data got traded over and over again, it also leaked online. The first mention that the LiveJournal database became broadly available was in July , when now-defunct data breach indexing service WeLeakInfo announced it obtained a copy of the LiveJournal database, which it added to its service.

As time went by, the data also became more broadly available. Ad says 33 million records, but after removing duplicates, the data is only But the data did not remain up for sale for long. Days after being made available on the dark web, the same LiveJournal database was also shared on a well-known hacking forum, from where it began almost immediately broadly circulating as a free download on Telegram channels and file-sharing portals.

Currently, the DreamWidth platform is still suffering from credential stuffing attacks using old LiveJournal credentials, but the company is rolling out updates. Credential stuffing is a major problem in information security.

With so many data breaches and compromised consumer records, reusing a password is essentially the same as failing to secure an account. For some time, security experts have recommended changing to an easy to remember, but difficult to attack, passphrase instead of the old eight-character passwords. This is despite the fact that ads offering the LiveJournal database for sale are still posted online.

If someone believes they might have been impacted by a potential LiveJournal data breach, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call the ITRC toll-free at Finally, they can download the free ID Theft Help App for iOS or Android to communicate with advisors via live chat, use the case management tool to track their action for resolving their data breach case, find resources for protecting themselves from further harm and much more.

Choose the email lists you'd like to sign up for below by checking the boxes.