Ian (lovingboth) wrote,

Just in case anyone still reads this..

.. as opposed to reading me on dreamwidth.org / bifurious.co.uk

Although the current owners don't seem to be admitting it, there's undoubtedly been a breach of the LiveJournal user database. All of my email addresses associated with LJ accounts have been emailed with a blackmail scam (the 'I have video of you masturbating' type, like I wouldn't do anything other than ask for a copy...)

The spambots they've used aren't the best, so only one has actually arrived in an inbox, but running my own mail server means I can see all the other attempts.

What makes this one interesting is that they include the relevant LJ password.

It looks like the data comes from a few years ago, but no-one should have a list of plaintext LJ passwords. They've been stored as MD5 hashes since the start, and mine is long enough that it's extremely unlikely to have been bruteforced. The hash doesn't appear in billions long lists of hashes, for example.

I've been using site-specific passwords for over twenty years, but if you've reused yours, change it now.

Password managers make doing this properly very easy.

  • Failing as snow again, never wanted to..

    A tiny bit, but gosh, this will have been the snowiest winter in London for ages. The walk to school did help me wake up a bit (although I feel the…

  • One for Bad Science?

    Hmm, a Press Association story saying breastfeeding has almost no benefits to the baby has been picked up by the Mail and the Telegraph and... with…

  • Two recent stories

    I've forgotten to go 'hooray' here over this story from a couple of weeks ago: Food labels advice change over Palestinian territories. I am happy to…

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

  • 1 comment