What to Do If Your Old LiveJournal Password Is Leaked
I love receiving emails from Firefox Monitor saying that my email was discovered as the result of a brand new data breach. The insult is compounded by the fact that I receive an email from a service that I have not used in ten years. And the triple crown of that scenario is when this service – Livejournal – you know, the place where everyone blogged before Tumblr was cool.
The quirky part of this Livejournal data leak is that the data itself isn’t all that new. According to ZDNet, the hack allegedly happened back in 2014. The data it contains – usernames, emails and clear text passwords for more than 26 million Livejournal users – has been exchanged since then. This is only now showing up on your radar if you are using one of the many account hack notification services available, because all those stolen items leaked on their own.
(It’s worth noting that the owner of Livejournal, Rambler Group, denies that its servers have ever been hacked; they claim that these usernames and passwords were obtained from various other malware and brute-force attacks.)
But here’s the joy: you probably haven’t used LiveJournal in years. And this violation is so old that chances are good that you switched from the same password you previously used for your online journal. You may have the same email address – I have! – but you’re probably already unsure about account security.
However, if you’ve ever used LiveJournal, you need to do the following:
- If your account was not automatically deleted due to inactivity , reset your LiveJournal password now.
- Check a service like Have I Been Pwned to see if the email you regularly use is associated with this hack. (Livejournal is old, so you might not remember.)
- While you sign up there I have been monitoring the PWNED service (or something like Firefox Monitor ) so that you will find out about email-related violations as soon as possible.
- If you have used your LiveJournal password for other sites, change it now. If you can not remember, then you can help tools such as Watchtower 1Password or the Google the Password Checkup .
- As always, stop using the same password across multiple sites.
- Enabling two-factor authentication wherever you can . So, even if someone gets your email address and work password, there is one final hurdle to overcome to log into your account. (They likely don’t have access to your phone or your messages, so you’ll be safe for now.)