LiveJournal Hack Exposes 26M Old Credentials | Avast

Avast Security News Team, 29 May 2020

Plus, an extortion scheme, a cryptomining campaign, and some new stats on telecommuters



Rumors that a massive LiveJournal hack occurred several years ago were proven true this week as 26 million stolen credentials from the popular online journaling platform went up for sale on the dark web. ZDNet reported that rumors of the hack have been circulating since 2018 when users began seeing their LiveJournal passwords show up in targeted sextortion schemes. Then, this week, attackers used old LiveJournal credentials to launch credential-stuffing attacks at LiveJournal offshoot Dreamwidth. Despite this likely evidence, however, LiveJournal parent company Rambler Group still has not confirmed a breach.
Outside security researchers investigating the issue believe that LiveJournal was hacked in 2014, after which cybercriminals privately traded the stolen data, which included over 26 million username/password combinations. After several years of trading, the data began to leak online. It grew more and more broadly available, soon selling for as low as $35, and ultimately becoming a free download. LiveJournal users who have not changed their passwords since 2014 should do so as soon as possible. 
With most people keeping dozens of online accounts these days, it’s likely that at least some of them will end up compromised. Avast security evangelist Luis Corrons offered a simple strategy to mitigate the risk: “Don't reuse passwords, and use a password manager to create strong credentials,” he said, adding that whenever possible, one should always enable two-factor authentication. However, Corrons cautions, employing these tactics doesn’t rule out other security risks: Anyone with an email address can still be the target of other typ ..
