https://i.kinja-img.com/gawker-media/image/upload/c_lfill,w_768,q_90/o3zrnhihf11fyw4baawk.jpg — Screenshot: David Murphy

What To Do If Your Old LiveJournal Password Was Leaked

29 May 2020 by David Murphy

I love getting emails from Firefox Monitor that tell me my email was found in a brand-new data breach. Adding insult to injury is when it’s an email for a service I haven’t used for a decade. And the Triple Crown of this scenario is when that service is Livejournal—you know, that place everyone blogged before Tumblr was cool.

The quirky part of this Livejournal data breach is that the data, itself, isn’t all that new. As ZDNet reports, the breach allegedly occurred back in 2014. The data contained within it—usernames, emails, and plaintext passwords for more than 26 million Livejournal users—has been making the rounds since then. It’s only popping up on your radar now, if you’re using one of the many account-breach-notification services available, because all these stolen items have, themselves, been leaked.

(It’s worth noting that Livejournal’s owner, the Rambler Group, denies that its servers were ever breached; they claim these user names and passwords were collected from various other malware and brute-force attacks.)

https://i.kinja-img.com/gawker-media/image/upload/c_lfill,w_768,q_90/en04ulhfwxzjewjmui1v.jpg — Screenshot: David Murphy, Have I Been Pwned

Here’s the silver lining, though: You probably haven’t used LiveJournal in years. And this breach is so old that odds are good you’ve moved on from whatever password it is you previously used for your online journal. You might still have the same email address—I do!—but you’re probably already in the clear as far as account security goes.

Still, if you ever used LiveJournal, you’re going to want to do the following::

Assuming your account hasn’t been automatically deleted for inactivity, reset your LiveJournal password right now.
Check a service like Have I Been Pwned to see if the email address you regularly use is associated with this breach. (Livejournal is old so you might not remember.)
While you’re there sign up for Have I Been Pwned’s monitoring service (or something like Firefox Monitor) so you learn about breaches associated with your email as soon as possible.
If you used your LiveJournal password for other sites, change those right now. If you can’t remember, then tools like 1Password’s Watchtower or Google’s Password Checkup can help.
As always, stop using the same password on multiple sites.
Enable two-factor authentication wherever you can. That way, even if someone gets their hands on your email address and a working password, there’s still one, final hurdle they have to jump over to get into your account. (Odds are good they don’t have access to your phone or your texts, so you’ll be safe for the time being.)