LiveJournal is a platform for bloggers to connect and share their pieces. Readers can comment on the blogs they read, allowing them a different kind of interaction with the authors than they would receive reading on another site.
The breach resulted from an unauthorized party gaining access to a LiveJournal database. The information in said database was sold on the black market, allowing an unknown number of criminals and bad actors to access millions of victims’ personally identifying information.
The breach occurred when a hacker managed to infiltrate an LJ database. An investigation done by ZDNet proved the existence of the database and found various ads claiming to be selling or willing to buy the victims’ PII. After, LiveJournal refused to admit to the breach.
This breach occurred in 2014.
The breach impacts a large number of LiveJournal users. Some people have claimed to receive extortion emails from the hacker demanding money. The hacker threatened the recipients, claiming they could access their passwords and usernames, among other data.
The breach affected approximately 26.3 million individuals and files. The hacker also used the information taken in this breach in numerous attempted credential stuffing attacks on Dreamwidth, a similar platform. Credential stuffing occurs when a hacker uses emails, usernames, and passwords attained in another security breach to achieve access to other websites or systems; this relies on password recycling.