Ian (lovingboth) wrote,

Just in case anyone still reads this..

.. as opposed to reading me on dreamwidth.org / bifurious.co.uk

Although the current owners don't seem to be admitting it, there's undoubtedly been a breach of the LiveJournal user database. All of my email addresses associated with LJ accounts have been emailed with a blackmail scam (the 'I have video of you masturbating' type, like I wouldn't do anything other than ask for a copy...)

The spambots they've used aren't the best, so only one has actually arrived in an inbox, but running my own mail server means I can see all the other attempts.

What makes this one interesting is that they include the relevant LJ password.

It looks like the data comes from a few years ago, but no-one should have a list of plaintext LJ passwords. They've been stored as MD5 hashes since the start, and mine is long enough that it's extremely unlikely to have been bruteforced. The hash doesn't appear in billions long lists of hashes, for example.

I've been using site-specific passwords for over twenty years, but if you've reused yours, change it now.

Password managers make doing this properly very easy.

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

  • 1 comment